Snort mailing list archives
Re: Snort's architecture
From: dandantheitman <dandantheitman () gmail com>
Date: Thu, 6 Sep 2012 21:29:45 -0400
You could always argue that snort can also output to a database, as well as a file or an alert, but most of your security analysts are going to prefer that you don't do that, as then snort is stuck performing database inserts, which in and of themselves can be pretty CPU intensive.

Tony is spot on, nothing has really changed that much from a high level.

Dan

On 6 September 2012 19:48, Tony Robinson <deusexmachina667 () gmail com> wrote:
As far as I can tell Pratik, the diagram presented is actually pretty well put together and will give you an idea as to how packets generally flow through snort and end with dropped packets/alerts. To answer your question, no, in terms of this diagram, nothing has really changed. This diagram is spot-on for a high level overview.

Cheers,
DA_667

On Wed, Sep 5, 2012 at 7:04 AM, Pratik Narang <pratik.cse.bits () gmail com> wrote:

I saw this diagram of Snort's architecture in one of the research papers I was going through. Could someone care to tell if the architecture they give here is the same which Snort actually has currently or whether Snort has undergone certain changes?

The diagram-
[image: Inline image 1]

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!

--
when does reality end? when does fantasy begin?
Current thread:
- Snort's architecture Pratik Narang (Sep 05)
- Re: Snort's architecture Tony Robinson (Sep 06)
- Re: Snort's architecture dandantheitman (Sep 06)
- Re: Snort's architecture JJC (Sep 06)
- Re: Snort's architecture waldo kitty (Sep 07)
- Re: Snort's architecture Victor Roemer (Sep 07)
- Re: Snort's architecture waldo kitty (Sep 07)
- Re: Snort's architecture dandantheitman (Sep 06)
- Re: Snort's architecture Tony Robinson (Sep 06)