Download
Snowl sensor:
snowl-sensor_1.7.2_amd64.deb
snowl-sensor-1.7.2-1.x86_64.rpm
Auto installation scripts:
snowl-install-ubuntu.sh
snowl-install-debian.sh
snowl-install-centos.sh
snowl-install-fedora.sh
Please choose your operating system to view the installation guide.
1 OBTAINING SUPERUSER (ROOT) PRIVILEGES
Installation of Snort and Snowl at Ubuntu requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):
sudo su -
2 SNOWL AUTOMATIC INSTALLATION SCRIPT
All necessary steps for installing Snort, Snowl, described below are united into a script, you can download and run using the following command:
wget https://snowl.io/download/snowl-install-ubuntu.sh && bash ./snowl-install-ubuntu.sh
The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:
Install Snowl? Install Snowl-sensor?
answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.
After the script is completed, proceed to step 5 – VERIFY INSTALLATION.
3 SNOWL INSTALLATION
The following instructions have to be followed on the PC where Snowl graphical interface will be installed.
A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.
Apache installation
apt install apache2
Nginx installation
apt install nginx
Run the following commands to install Snowl:
wget https://snowl.io/download/snowl_1.7.1_amd64.deb && dpkg -i ./snowl_1.7.1_amd64.deb
Configure a web server for working with Snowl. For this purpose, do the following:
/opt/snowl/snowl-configure-httpd
This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.
4 INSTALLATION OF SNOWL SENSOR
The following instructions have to be followed on the PC on which Snowl sensor will be installed.
At the first stage, install Snort deb-packages and dependencies. Unfortunately, only Snort 2.9.7 version is available in the original Ubuntu repository that is not supported by Snort design team anymore which can cause some difficulties when searching for a ruleset compatible with this version.
Snowl design team reformed deb-packages of the latest stable Snort version and placed them in Ubuntu repository at
https://launchpad.net/~snowl/+archive/ubuntu/snort.
If you already have Snort installed and working, make sure you are using the latest stable version
In order to install Snort from our repository, run the following commands:
add-apt-repository ppa:snowl/snort apt-get update apt install -y snort
We recommend disabling autorun with Snort commands described below. Snowl will control starting and stopping.
systemctl stop snort systemctl disable snort
In order to install Snowl sensor, run:
wget https://snowl.io/download/snowl-sensor_1.7.1_amd64.deb && dpkg -i ./snowl-sensor_1.7.1_amd64.deb
Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:
/opt/snowl-sensor/snowl-snort fix
This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.
5 Verify Installation
In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar:
You will see Snowl interface login page. (Reminder: By default, your user name and password are equal to admin and 123456 respectively. We
recommend that you change the credentials after the first logging in to the system. To do that, follow instructions in section 4.6.2, “Changing User’s Personal Data” in Snowl User’s Guide.)
1 OBTAINING SUPERUSER (ROOT) PRIVILEGES
Installation of Snort and Snowl at Debian requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):
su
2 SNOWL AUTOMATIC INSTALLATION SCRIPT
All necessary steps for installing Snort, Snowl, described below are united into a script, you can download and run using the following command:
wget https://snowl.io/download/snowl-install-debian.sh && bash ./snowl-install-debian.sh
The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:
Install Snowl? Install Snowl-sensor?
answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.
After the script is completed, proceed to step 5 – VERIFY INSTALLATION.
3 SNOWL INSTALLATION
The following instructions have to be followed on the PC where Snowl graphical interface will be installed.
A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.
Apache installation
apt install apache2
Nginx installation
apt install nginx
Snowl will use command sudo to run its own process under user snowl (to limit rights to the minimum required). So you need to install sudo:
apt install sudo
Run the following commands to install Snowl:
wget https://snowl.io/download/snowl_1.7.1_amd64.deb && dpkg -i ./snowl_1.7.1_amd64.deb
Configure a web server for working with Snowl. For this purpose, do the following:
/opt/snowl/snowl-configure-httpd
This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.
4 INSTALLATION OF SNOWL SENSOR
The following instructions have to be followed on the PC on which Snowl sensor will be installed.
At the first stage, install Snort deb-packages and dependencies. Unfortunately, only Snort 2.9.7 version is available in the original Debian repository that is not supported by Snort design team anymore which can cause some difficulties when searching for a ruleset compatible with this version.
Snowl design team reformed deb-packages of the latest stable Snort version and placed them in Debian repository at https://packages.snowl.io
If you already have Snort installed and working, make sure you are using the latest stable version
In order to install Snort from our repository, run the following commands (apt-key will use command gpg, so you need to install gnupg as shown bellow):
apt install gnupg wget -O - https://packages.snowl.io/keyfile | apt-key add - echo 'deb [arch=amd64] https://packages.snowl.io/debian buster main' > /etc/apt/sources.list.d/snowl-team.list apt update -y
We recommend disabling autorun with Snort commands described below. Snowl will control starting and stopping.
systemctl stop snort systemctl disable snort
Snowl-sensor will use command sudo to run its own process under user snowl (to limit rights to the minimum required). So you need to install sudo:
apt install sudo
In order to install Snowl sensor, run:
wget https://snowl.io/download/snowl-sensor_1.7.1_amd64.deb && dpkg -i ./snowl-sensor_1.7.1_amd64.deb
Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:
/opt/snowl-sensor/snowl-snort fix
This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.
5 Verify Installation
In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar:
You will see Snowl interface login page. (Reminder: By default, your user name and password are equal to admin and 123456 respectively. We
recommend that you change the credentials after the first logging in to the system. To do that, follow instructions in section 4.6.2, “Changing User’s Personal Data” in Snowl User’s Guide.)
1 OBTAINING SUPERUSER (ROOT) PRIVILEGES
Installation of Snort and Snowl at Ubuntu requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):
su
2 SNOWL AUTOMATIC INSTALLATION SCRIPT
All necessary steps for installing Snort, Snowl, described below are united into a script, you can download and run using the following command:
curl -sL https://snowl.io/download/snowl-install-centos.sh > snowl-install-centos.sh && bash ./snowl-install-centos.sh
The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:
Install Snowl? Install Snowl-sensor?
answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.
After the script is completed, proceed to step 5 – VERIFY INSTALLATION
3 SNOWL INSTALLATION
The following instructions have to be followed on the PC where Snowl graphical interface will be installed.
A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.
Apache installation
Important: the official repository of CentOS has obsolete Apache from 2013 year, for the correct operation Snowl a more recent version is required. You can install the latest version of apache2 from the CodeIT repository:
cd /etc/yum.repos.d && \ curl -L https://repo.codeit.guru/codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo -o codeit.el`rpm -q --qf "%{VERSION}" $(rpm -q --whatprovides redhat-release)`.repo
yum install -y httpd systemctl enable httpd systemctl start httpd
Nginx installation
yum install -y epel-release yum install -y nginx systemctl enable nginx systemctl start nginx
Run the following commands to install Snowl:
yum install -y https://snowl.io/download/snowl-1.7.1-1.x86_64.rpm
Configure a web server for working with Snowl. For this purpose, do the following:
/opt/snowl/snowl-configure-httpd
This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.
4 INSTALLATION OF SNOWL SENSOR
The following instructions have to be followed on the PC on which Snowl sensor will be installed.
At the first stage, install Snort deb-packages and dependencies.
If you already have Snort installed and working, make sure you are using the latest stable version.
In order to install Snort, run the following commands:
yum install -y epel-release yum install -y libpcap yum install -y libnghttp2 yum install -y libdnet yum install -y https://www.snort.org/downloads/snort/snort-2.9.15-1.centos7.x86_64.rpm
Then do small fix:
ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
In order to install Snowl sensor, run:
yum install -y https://snowl.io/download/snowl-sensor-1.7.1-1.x86_64.rpm
Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:
/opt/snowl-sensor/snowl-snort fix
This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.
5 Verify Installation
In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar:
You will see Snowl interface login page. (Reminder: By default, your user name and password are equal to admin and 123456 respectively. We
recommend that you change the credentials after the first logging in to the system. To do that, follow instructions in section 4.6.2, “Changing User’s Personal Data” in Snowl User’s Guide.)
1 OBTAINING SUPERUSER (ROOT) PRIVILEGE
Installation of Snort and Snowl at Ubuntu requires superuser (root) rights. The simplest way is to get a terminal with root privileges using su command (root user password needs to be entered):
su
2 SNOWL AUTOMATIC INSTALLATION SCRIPT
All necessary steps for installing Snort, Snowl, described below are united into a script you can download and run using the following command:
curl -sL https://snowl.io/download/snowl-install-fedora.sh > snowl-install-fedora.sh && bash ./snowl-install-fedora.sh
The script will carry out the steps described below with automatic consent to the recommended variant.
Only two questions will be asked:
Install Snowl? Install Snowl-sensor?
answer “yes” or just press Enter on the PC intended for Snowl graphical interface for the first question, and “no” on the PC intended for Snowl sensor. Do the same for the second question.
Or answer “yes” in both cases if you are going to install all on a single PC.
After the script is completed, proceed to step 5 – VERIFY INSTALLATION.
3 SNOWL INSTALLATION
The following instructions have to be followed on the PC where Snowl graphical interface will be installed.
A web server is required for operation of Snowl. It can be Apache or Nginx.
Select and install one of them, for example, Apache.
Apache installation
dnf install -y httpd systemctl enable httpd systemctl start httpd
Nginx installation
dnf install -y nginx systemctl enable nginx systemctl start nginx
Run the following commands to install Snowl:
dnf install -y https://snowl.io/download/snowl-1.7.1-1.x86_64.rpm
Configure a web server for working with Snowl. For this purpose, do the following:
/opt/snowl/snowl-configure-httpd
This script will set a symbolic link to Snowl configuration on the web server and open port 5500 to start Snowl web interface. It is recommended to answer the script’s questions positively: either type “yes” or just press “Enter” on the keyboard.
4 INSTALLATION OF SNOWL SENSOR
The following instructions have to be followed on the PC on which Snowl sensor will be installed.
At the first stage, install Snort deb-packages and dependencies.
If you already have Snort installed and working, make sure you are using the latest stable version.
In order to install Snort, run:
dnf install -y libpcap dnf install -y libnghttp2 dnf install -y libdnet dnf install -y https://www.snort.org/downloads/snort/snort-2.9.15-1.f29.x86_64.rpm
Then do small fix:
ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
In order to install Snowl sensor, run:
dnf install -y https://snowl.io/download/snowl-sensor-1.7.1-1.x86_64.rpm
Then, you need to set rights for operation of Snowl-sensor with Snort (starting/stopping). For this purpose, run:
/opt/snowl-sensor/snowl-snort fix
This script will replace Snort owner group with snort group so that only members of the group could run Snort and will add a snowl user to the snort group.
5 Verify Installation
In order to verify correctness of installation, open the browser (Google Chrome or Mozilla Firefox are recommended) and type the following in the address bar:
You will see Snowl interface login page. (Reminder: By default, your user name and password are equal to admin and 123456 respectively. We
recommend that you change the credentials after the first logging in to the system. To do that, follow instructions in section 4.6.2, “Changing User’s Personal Data” in Snowl User’s Guide.)
After installation is completed, we recommend that you familiarize yourself with the article entitled First Steps after Installation.
If you have not found the operating system you need in the list of available operating systems, please contact us and we will form, test and upload installation packages on the website.