Designing Your Snort Architecture

Snort is an incredibly flexible and extensible application. Although this is certainly a boon for Snort users, it also creates quite a quandary for the first-time user. Choosing the best architecture for Snort can be daunting: You want to ensure that you can successfully build a working Snort IDS without much difficulty, but you also want a system that you can use to organically scale the IDS as a greater need for intrusion monitoring develops.

As illustrated in Chapter 2, Snort supports an n-tier architecture. This book covers both a single-tier setup and a three-tier installation. Snort's functionality can be spread across multiple machines on different tiers to provide scalability, security, and performance. ...

Get Intrusion Detection with Snort now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.