The Hybrid Server/Sensor

Installing the hybrid server/sensor collapses all the Snort components for both the server and sensor onto a single computer. There is nothing inherently wrong with the hybrid setup; the end result is nearly the same as the distributed installation. Some benefits of a distributed Snort deployment must be given up, though, to create a hybrid server/sensor.

The hybrid makes your Snort installation much more difficult to scale. Placing intrusion monitoring at different locations in your network infrastructure becomes a hassle. Rather than simply installing a sensor image on a new machine and inserting a monitoring segment, you must find a way to bring the monitored network to the hybrid Snort machine. This may be as simple ...
