[Snort-users] Newbie question, Diff between SnortSnarf & Acid

Leigh David Heyman leigh at ...5300...
Tue Mar 19 06:03:03 EST 2002


Hi Ronald,
I'm not sure that there's any single source which compares the two, but in 
short, they're very different due to the source of the data that they're 
presenting.  SnortSnarf parses raw (binary or text) log/alert files from Snort 
into an HTML result.  ACID and Demarc are PHP front-ends which pull their data 
from a relational database (MySQL, PostgreSQL, others?) backend; this relies on 
using Snort's database output plugin.

I guess it all depends on how complex your IDS needs are.

I think the best advice is to run them both and see what best meets your needs 
(unless you don't want to install/run/configure a SQL database, in which case, 
just stay with SnortSnarf).

-Leigh
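
The contrast described in the message above, as an added example that is not part of the original post and is not code from SnortSnarf, ACID or Snort: the same alerts handled once as a parsed flat file with a fixed report, and once loaded into a SQL backend and queried on demand. The alert lines are constructed samples in Snort's fast-alert text format; the in-memory `sqlite3` database stands in for MySQL/PostgreSQL, and the `event` table, its columns and all function names are hypothetical. IPv4 addresses are assumed.

```python
import re
import sqlite3
from collections import Counter

# Constructed sample lines in Snort's "fast" alert format (not real log data).
SAMPLE_ALERTS = """\
03/19-06:01:10.100000  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5
03/19-06:01:12.200000  [**] [1:1000002:1] LOCAL web admin probe [**] [Classification: Misc activity] [Priority: 1] {TCP} 192.0.2.10:3311 -> 198.51.100.5:80
03/19-06:02:40.300000  [**] [1:1000001:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 2] {ICMP} 192.0.2.77 -> 198.51.100.5
this line is not an alert and must be skipped
"""

ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?\[Priority: (?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

def parse_alerts(text):
    """Return one dict per well-formed alert line; anything else is skipped."""
    return [m.groupdict() for m in map(ALERT_RE.match, text.splitlines()) if m]

def static_summary(alerts):
    """Flat-file approach: one pass over the log, fixed report per signature."""
    return Counter(a["msg"] for a in alerts).most_common()

def load_db(alerts):
    """Database approach: events are stored once, then queried on demand."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (ts TEXT, sid INT, msg TEXT, prio INT, src TEXT, dst TEXT)")
    db.executemany(
        "INSERT INTO event VALUES (?,?,?,?,?,?)",  # bound parameters, never string-built SQL
        [(a["ts"], int(a["sid"]), a["msg"], int(a["prio"]),
          a["src"].split(":")[0], a["dst"].split(":")[0]) for a in alerts])
    return db

def sources_by_priority(db, max_prio):
    """Ad hoc question answered by the database without re-parsing the log."""
    return db.execute(
        "SELECT src, COUNT(*) FROM event WHERE prio <= ? "
        "GROUP BY src ORDER BY 2 DESC, src", (max_prio,)).fetchall()

if __name__ == "__main__":
    alerts = parse_alerts(SAMPLE_ALERTS)
    print(static_summary(alerts))
    print(sources_by_priority(load_db(alerts), 2))
```
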




