Intrusion Detection with Snort by Jack Koziol

Distributed Snort Architecture

It would present a real problem if gigabytes of data had to be stored on the same physical box that Snort was running on. Fortunately, Snort uses an n-tier architecture. N-tier architectures are fairly common: large applications are rarely handled by a single program on one box, because scalability and security are chief concerns with a single-tier architecture. Snort is most typically installed in a 3-tier architecture, but it is flexible enough to accommodate anything from a single tier (the hybrid sensor/server) to four tiers (departmental clusters).

First Tier—The Sensor Tier

The first tier, known as the sensor tier, is where network traffic passes to be monitored for intrusions. The sensor acts like a digital vacuum: It grabs packets ...
