mkdir ./docker
./get_docker.sh
docker build -t snort3 .
docker run -d --name snort3 snort3
docker exec -it snort3 bash
snort -A alert_fast -k none -q -c /usr/local/etc/snort/snort.lua -R /opt/rules/local.rules --pcap-dir=/opt/pcap --pcap-show
snort3规则编写变化参考 规则变化说明