[Snort-users] Snort's architecture

dandantheitman dandantheitman at ...11827...
Thu Sep 6 21:29:45 EDT 2012


You could always argue that snort can also output to a database, as well as
a file or an alert, but most of your security analysts are going to prefer
that you don't do that, as then snort is stuck performing database inserts,
which in and of themselves can be pretty CPU intensive.

Tony is spot on, nothing has really changed that much from a high level.

Dan


On 6 September 2012 19:48, Tony Robinson <deusexmachina667 at ...11827...> wrote:

> As far as I can tell Pratik,
>
> The diagram presented is actually pretty well put together and will give
> you an idea as to how packets generally flow through snort and end with
> dropped packets/alerts. To answer your question, no, in terms of this
> diagram, nothing has really changed. This diagram is spot-on for a high
> level overview.
>
> Cheers,
>
> DA_667
>
> On Wed, Sep 5, 2012 at 7:04 AM, Pratik Narang <pratik.cse.bits at ...11827...> wrote:
>
>> I saw this diagram of Snort's architecture in one of the research papers
>> I was going through. Could someone care to tell if the architecture they
>> give here is the same which Snort actually has currently or whether Snort
>> has undergone certain changes?
>> The diagram-
>>
>> [image: Inline image 1]
>>
>
>
>
> --
> when does reality end? when does fantasy begin?
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 23935 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120906/3ba059d0/attachment.png>

