"The following article does not cover Snort in great
detail. Snort is a large program in terms of its available options,
and would take several articles to cover comprehensively. Instead,
here is a brief overview of the program, and some of its options.
After a quick review of the above alert log excerpt, I was able
to determine easily that Snort did indeed pick up my port scan from
nmap. This is an excellent first step in noticing intrusion into the
system.
After further review, I found that if you run Snort without any
options, you are running in Packet Logger Mode. The packet logger
mode will log all of the packet information to the log directory,
and unless you enjoy reading lots of TCP/IP packet information, I
don't suggest this option. Also, if you would like to see a summary
of traffic on the network in real time, you can use the -v option.
The -v option will print all TCP/IP headers to the screen."