Chapter 7. Building the Sensor

This chapter is a complete guide to deploying a Snort sensor. The Snort application itself is installed on the sensor. The sensor collects data from the monitored segment by sniffing packets. The packets are then fed directly into the Snort application. Snort interprets the nature of sniffed packets and generates alerts when suspicious activity is detected. The alerts are then posted to the Snort server. In the following installation, you will be logging to the Snort Unified format. You will then configure Barnyard to continuously process the alerts created by Snort. Barnyard will post alerts into the MySQL database residing on the Snort server. Sensors must be connected to the same network segments to be monitored ...
