2 vCPU

2048GB memory

32GB storage

Download snort and daq RPM's from https://www.snort.org/downloads

Verify MD5 sum, for example:

md5sum snort-2.9.7.2-1.centos7.x86_64.rpm
163d62f7dab09c241f6f6e61228a8299  snort-2.9.7.2-1.centos7.x86_64.rpm

Install RPM's:

yum install ./daq-2.0.4.RH7.x86_64.rpm
yum install snort-2.9.7.2-1.centos7.x86_64.rpm

Install requirements:

yum install perl-libwww-perl perl-Crypt-SSLeay perl-Archive-Tar perl-Sys-Syslog perl-LWP-Protocol-https

Download tar.gz from https://code.google.com/p/pulledpork/

Extract:

tar zxvf pulledpork-0.7.0.tar.gz

Install:

cd pulledpork-0.7.0/
mkdir -p /opt/pulledpork/{bin,etc}
cp pulledpork.pl /opt/pulledpork/bin ; chmod 755 /opt/pulledpork/bin/pulledpork.pl
cp etc/* /opt/pulledpork/etc/

Edit /opt/pulledpork/etc/pulledpork.conf, and add oinkcode.

Verify:

 ./pulledpork.pl -vv -c /opt/pulledpork/etc/pulledpork.conf -T -l

Add to cron-daily:

/opt/pulledpork/bin/pulledpork.pl -c /opt/pulledpork/etc/pulledpork.conf

Make directory:

mkdir /opt/trafr
cd /opt/trafr

Download:

wget http://www.mikrotik.com/download/trafr.tgz
tar zxvf trafr.tgz

Install 32 bit libraries:

yum install glibc-2.17-78.el7.i686

Enalble steaming:

/tool sniffer set filter-stream=yes streaming-enabled=yes streaming-server=<ip_of_the_server>
/tool sniffer start

Test:

./trafr -s | tcpdump -r - -n
./trafr -s | /sbin/snort -r -