Chapter 3. Dissecting Snort

The cliché your grammar school teachers told you, “It's what's on the inside that counts!” still applies in the real world. Snort contains many configurable internal components that can vastly influence false positives and negatives as well as general packet logging performance. Knowledge of Snort's internals is required to make Snort run and monitor for intrusions effectively. Snort is a powerful application, but it takes a little more in-depth research on your part than other, less potent, IDSs. Understanding the function of these internal components will help you customize Snort to your network and help you avoid some of the common Snort pitfalls.

Snort can be divided into five major components that are each critical ...
