Intrusion Detection with Snort by Jack Koziol

Alerting via Output Plug-ins

Snort's output plug-ins are how Snort gets intrusion data from the detection engine to you. Like its preprocessors, Snort's output functionality is modular and pluggable. Your skill level, network configuration, and personal preferences will dictate which output mechanism is right for you. Snort supports everything from raw binary tcpdump output to various relational database outputs.

Snort's outputs are not intended to be human-readable. They are logged in various formats that make intrusion data readily accessible to other applications or tools. Outputting can be done in these formats:

  • syslog

  • tcpdump

  • Text Logfile

  • XML

  • Relational database

  • SNMP

  • Snort Unified

This gives the user freedom of choice ...
