Re: Snort's architecture

[dandantheitman <dandantheitman () gmail com>]

You could always argue that snort can also output to a database, as well as
a file or an alert, but most of your security analysts are going to prefer
that you don't do that, as then snort is stuck performing database inserts,
which in and of themselves can be pretty CPU intensive.

Tony is spot on,nothing has really changed that much from a high level.

Dan


On 6 September 2012 19:48, Tony Robinson <deusexmachina667 () gmail com> wrote:

> As far as I can tell Pratik,
>
> The diagram presented is actually pretty well put together and will give
> you an idea as to how packets generally flow through snort and end with
> dropped packets/alerts. To answer your question, no, in terms of this
> diagram, nothing has really changed. this diagram is spot-on for a high
> level overview.
>
> Cheers,
>
> DA_667
>
> On Wed, Sep 5, 2012 at 7:04 AM, Pratik Narang <pratik.cse.bits () gmail com>wrote:
>
> > I saw this diagram of Snort's architecture in one of the research papers
> > i was going through. Could someone care to tell if the architecture they
> > give here is the same which Snort actually has currently or whether Snort
> > has undergone certain changes?
> > The diagram-
> >
> > [image: Inline image 1]
> >
> >
> > ------------------------------------------------------------------------------
> > Live Security Virtual Conference
> > Exclusive live event will cover all the ways today's security and
> > threat landscape has changed and how IT managers can respond. Discussions
> > will include endpoint security, mobile security and the latest in malware
> > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest
> > Snort news!
>
>
>
> --
> when does reality end? when does fantasy begin?

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!