Chapter 11. Real-Time Alerting

Snort is built to perform one task and perform it very well. It does a magnificent job of detecting intrusions. Anything beyond intrusion detection is left up to the IDS analyst to handle. It is expected that you will add the features that make the IDS a truly pragmatic application. You have traveled down this road already, with the creation of an intrusion database to store alerting information and the installation of ACID to manage the collected data. Another powerful feature that should be added to Snort is real-time alerting.

Real-time alerting is a feature of an IDS or any other monitoring application that notifies a person of an event in an acceptably short amount of time. The amount of time that is acceptable ...

From Intrusion Detection with Snort (O'Reilly).