Command-line arguments
snort -A full \
  --pcap-dir 'APPRecognize/Cert/test_sample' \
  -c /etc/snort/snortmy.conf -l APPRecognize/snort_log/
-A Set alert mode: fast, full, console, test or none (alert file alerts only)
-c <rules> Use Rules File <rules>
--pcap-dir <dir> a directory to recurse to look for pcaps - read mode is implied.