# apt-get update
# apt-get install snort

設定画面が開くので、以下の3つを設定する
---| Configuring snort |---

On which interface(s) should Snort listen? 
→ eth0

Please enter the address range that Snort will listen on.
→ 192.168.1.0/24

Who should receive the daily statistics mails?
→ root

Timeモジュールの導入
# wget http://search.cpan.org/CPAN/authors/id/M/MU/MUIR/modules/Time-modules-2003.1126.tar.gz
# tar zxvf Time-modules-2003.1126.tar.gz
# cd Time-modules-2003.1126
# perl Makefile.PL
# make
# make install

SnortSnarfの導入
# wget http://www.snort.org/dl/contrib/data_analysis/snortsnarf/SnortSnarf-050314.1.tar.gz
# tar zxvf SnortSnarf-050314.1.tar.gz
# cp -a SnortSnarf-050314.1 /usr/local/snortsnarf
# mkdir /var/www/snortsnarf

後片付け
# rm -rf Time-modules-2003.1126*
# rm -rf SnortSnarf-050314.1*

# vi /etc/apache2/conf.d/snortsnarf
Alias /snort /var/www/snortsnarf

<Location /snort>
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 192.168.1
</Location>

ファイル作成後、Apacheを再起動する
# /etc/init.d/apache2 restart

# vi /usr/local/snortsnarf/include/SnortSnarf/HTMLMemStorage.pm
return @arr->[($first-1)..$end];　　　←290行目
↓
return @arr[($first-1)..$end];

# vi /usr/local/snortsnarf/include/SnortSnarf/HTMLAnomMemStorage.pm
return @arr->[($first-1)..$end];　　　　←266行目
↓
return @arr[($first-1)..$end];

# cd /usr/local/snortsnarf
# ./snortsnarf.pl -d /var/www/snortsnarf -homenet 192.168.1.0/24 -rulesdir /etc/snort/rules/ \
/var/log/snort/alert

# crontab -e
00 */2 * * *    cd /usr/local/snortsnarf ； /usr/local/snortsnarf/snortsnarf.pl -d /var/www/snortsnarf
 -homenet 192.168.1.0/24 -rulesdir /etc/snort/rules/ /var/log/snort/alert > /dev/null 2>&1
(実際には改行無しで記述)