diff --git a/snort/Dockerfile b/snort/Dockerfile
index f1fc6de..3696df1 100644
--- a/snort/Dockerfile
+++ b/snort/Dockerfile
@@ -10,7 +10,7 @@ ENV SNORT_URL=https://www.snort.org/downloads/snort/snort-${SNORT_VERSION}-1.cen
 ENV RULES_URL=https://www.snort.org/downloads/community/community-rules.tar.gz
 
 RUN set -xe \
- && yum -y install epel-release libdnet \
+ && yum -y install epel-release jq libdnet \
  && yum -y install ${SNORT_URL} \
  && mkdir -p /etc/snort/rules \
  && curl -sSL ${RULES_URL} | \
diff --git a/snort/data/u2json.conf b/snort/data/u2json.conf
index a04dcb3..5b3feb0 100644
--- a/snort/data/u2json.conf
+++ b/snort/data/u2json.conf
@@ -2,6 +2,6 @@
 --directory=/var/log/snort
 --prefix=snort.alert
 --follow
---bookmark
+--bookmark=/var/log/snort/u2json.mark
 --delete
 --output=/var/log/snort/alert.json
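Review bot: `jq` is added to the same yum transaction that installs `epel-release`; if jq is only available from EPEL on this base image and the repository is not already configured there, yum resolves every requested package before the EPEL repo file exists and the step fails rather than picking up the new repository. Splitting the step as `&& yum -y install epel-release \` followed by `&& yum -y install jq libdnet \` removes that ordering dependency; the same consideration presumably applies to libdnet, which this commit leaves as is. The RUN instruction continues beyond the end of the hunk, so any later cleanup of the yum cache is not visible here.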
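Review bot: The new bookmark path places the position file inside `/var/log/snort`, the same directory this configuration watches with `--follow` and prunes with `--delete`; whether the bookmark is exempt from deletion presumably rests on the `--prefix=snort.alert` filter not matching `u2json.mark`, which is worth confirming against the tool's matching rules. If `/var/log/snort` is not backed by a persistent volume, the bookmark disappears with the container and the resume position it records is lost on restart. If the option-file format accepts comments, a line such as `# bookmark must sit on the persisted log volume to survive restarts` would make that dependency explicit; otherwise it belongs in the image documentation.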