Install the Snort package via System -> Package Manager -> Available Packages.
Go to Services -> Snort -> Snort Interfaces -> WAN Settings:
- Interface: LAN
- Description: LAN
- Save

Services -> Snort -> Global Settings
- Check Enable Snort VRT
- Enter your Snort Oinkmaster Code
- Check Enable ET Open
- Check Enable OpenAppID
- Check Enable RULES OpenAppID
- Update Interval: 1 DAY
- Save

Updates
- Click Update Rules

Now the fun begins: carefully monitor your logs, because Snort will block a lot of things and you will need to add suppression lists to get rid of the false positives.
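One way to turn the alert log into a reviewable suppression list, as an added example (not part of the original write-up or of the Snort package). It assumes alerts in Snort's "fast" one-line layout; the sample log, SIDs, addresses and the `min_hits` threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed Snort "fast" alert layout; adapt the regex if your alert file differs.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):\d+\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+[\d.]+"
)

# Constructed sample alerts: SIDs, messages and addresses are made up.
SAMPLE_LOG = """\
03/14-09:01:02.000001  [**] [1:9000001:1] EXAMPLE noisy policy rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.20:50111 -> 203.0.113.10:443
03/14-09:01:07.000002  [**] [1:9000001:1] EXAMPLE noisy policy rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.20:50112 -> 203.0.113.10:443
03/14-09:02:11.000003  [**] [1:9000002:2] EXAMPLE ping sweep rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.31 -> 198.51.100.7
03/14-09:02:15.000004  [**] [1:9000001:1] EXAMPLE noisy policy rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.1.20:50113 -> 203.0.113.10:443
03/14-09:03:00.000005  [**] [1:9000002:2] EXAMPLE ping sweep rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.32 -> 198.51.100.7
03/14-09:03:30.000006  [**] [1:9000003:1] EXAMPLE one-off rule [**] [Classification: Misc activity] [Priority: 3] {UDP} 192.168.1.40:5353 -> 198.51.100.9:53
snort rule update completed
03/14-09:04:00.000007  [**] [1:9000002:2] EXAMPLE ping sweep rule [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.1.33 -> 198.51.100.7
"""

def suppression_candidates(log_text, min_hits=3):
    """Return suppress lines for signatures seen at least min_hits times."""
    hits = defaultdict(lambda: {"msg": "", "sources": defaultdict(int)})
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if not m:
            continue  # not an alert line (status messages, truncated entries)
        key = (int(m["gid"]), int(m["sid"]))
        hits[key]["msg"] = m["msg"]
        hits[key]["sources"][m["src"]] += 1
    out = []
    for (gid, sid), info in sorted(hits.items()):
        total = sum(info["sources"].values())
        if total < min_hits:
            continue  # too few alerts to judge; keep the rule active
        out.append(f"# {info['msg']} ({total} alerts, {len(info['sources'])} source(s))")
        if len(info["sources"]) == 1:
            # One noisy host: silence only that host, keep the rule for everyone else.
            src = next(iter(info["sources"]))
            out.append(f"suppress gen_id {gid}, sig_id {sid}, track by_src, ip {src}")
        else:
            out.append(f"suppress gen_id {gid}, sig_id {sid}")
    return out

if __name__ == "__main__":
    print("\n".join(suppression_candidates(SAMPLE_LOG)))
```

The output is a list of candidates: confirm each signature really is a false positive in your environment before adding its line to a suppression list.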