CHAPTER 4
Plugins, Preprocessors and Output Modules
Preprocessors and output modules are two important parts of the Snort
architecture. Preprocessors process received data packets before
rules are applied to them. Output modules control the output generated by
Snort's detection mechanism. The flow of a packet through Snort is
shown in Figure 4-1, where a packet is captured and then passed through
the preprocessors first. After that, the packet goes to the Snort detection
engine, where Snort rules are applied to the packet. If applying the rules
generates an alert or log message, output processors or plug-ins operate
on that output. The output of the configured output modules is then used
by the security administrators.
Snort allows you to select which preprocessors and output modules
should be enabled. From a user standpoint, this is done through the Snort
configuration file snort.conf. Preprocessors and output modules are
also called plug-ins in some literature. So for the sake of this book, input
plug-in, input module and preprocessor mean the same thing. Similarly,
output plug-in and output module mean the same thing. This
chapter provides information about these components and their internal
workings. This information will help you write good rules for Snort.
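
The snort.conf selection described above can be audited with a short script that lists which preprocessors and output modules a configuration enables. This is an added example, not code from the book or from the Snort project: the sample configuration is constructed, the function names logical_lines and enabled_plugins are hypothetical, and it assumes the "preprocessor <name>: <options>" and "output <name>: <options>" directive syntax.

```python
import re

# Constructed sample snort.conf fragment (not taken from the book).
SAMPLE_CONF = """\
# Preprocessors run before the detection engine
preprocessor frag2
preprocessor stream4: detect_scans
#preprocessor portscan: $HOME_NET 4 3 portscan.log
preprocessor http_decode: 80 \\
    unicode iis_alt_unicode
# Output modules run after an alert or log message is generated
output alert_syslog: LOG_AUTH LOG_ALERT
output log_tcpdump: snort.log
var HOME_NET 192.168.1.0/24
"""

# "<kind> <name>" optionally followed by ": <options>"
DIRECTIVE = re.compile(r"^(preprocessor|output)\s+([A-Za-z0-9_]+)\s*(?::\s*(.*))?$")


def logical_lines(text):
    """Yield config lines with comment lines dropped and backslash continuations joined."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and line.startswith("#"):
            continue  # commented-out directives are not enabled
        if line.endswith("\\"):
            pending += line[:-1].rstrip() + " "
            continue
        line = (pending + line).strip()
        pending = ""
        if line:
            yield line
    if pending.strip():
        yield pending.strip()


def enabled_plugins(text):
    """Return enabled preprocessors and output modules in configuration order."""
    result = {"preprocessor": [], "output": []}
    for line in logical_lines(text):
        match = DIRECTIVE.match(line)
        if match:
            kind, name, args = match.groups()
            result[kind].append((name, (args or "").split()))
    return result


if __name__ == "__main__":
    for kind, plugins in enabled_plugins(SAMPLE_CONF).items():
        for name, args in plugins:
            print(f"{kind:12} {name:14} {' '.join(args)}")
```

The commented-out portscan line is reported as disabled, which is the case an administrator most often needs to confirm when an expected alert never appears.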