You know that Snort is an intrusion detection system, but how does it detect intrusion?
You probably don't want everyone on your system running Snort, regardless of all the security hoops some programs make you jump through.
So you should either run Snort as a packet logger in a window you can minimize and ignore, or better yet, as a long-running process (perhaps as a daemon or system process).
Snort is arguably the best and easiest-to-use, as well as (certainly) the cheapest, intrusion detection system you'll find.
Note: This article is not really focused on Snort from the system administrator's point of view.
There are several steps you need to take after your installation is complete to make sure Snort is running on your system and is behaving properly.
It must be said that Snort is really a tool that falls firmly in the domain of the system and network administrator.
In the last article, you learned what Snort is, and how to get it installed and running on your system. You also saw that Snort performs three critical and fundamental functions.
Now, you're ready to run Snort. It may seem like a lot of work, but this sort of configuration is fairly common for network- and system-related tools.
For added security, consider installing and configuring an Intrusion Detection System (IDS), such as Snort, on each machine.