C
H A P T E R
4
Plugins, 
Preprocessors and 
Output Modules
reprocessors and output modules are two important parts of Snort
P
architecture. Preprocessors process received data packets before
rules are applied to them. Output modules control output generated from
Snort's detection mechanism. The flow of a packet through Snort is
shown in Figure 4 1 where a packet is captured and then passed through
preprocessors first. After that, the packet goes to the Snort detection
engine where Snort rules are applied on the packet. As a result of applica 
tion of Snort rules, if an alert or log message is generated, output proces 
sors or plug ins operate on that output. The output of configured output
modules is then used by the security administrators.
Snort allows you to select which preprocessors and output modules
should be enabled. From a user standpoint, this is done through the Snort
configuration file snort.conf. Preprocessors and Output modules are
also called plug ins in some literature. So for the sake of this book  input
plug in ,  input module  and  preprocessor  mean the same thing. Simi 
larly,  output plug in  and  output module  mean the same thing. This
chapter provides information about these components and their internal
working. This information will help you write good rules for Snort.
131






footer




 

 

 

 

 Home | About Us | Network | Services | Support | FAQ | Control Panel | Order Online | Sitemap | Contact

toronto web hosting

 

Our partners: PHP: Hypertext Preprocessor Cheap Web Hosting JSP Web Hosting Ontario Web Hosting  Jsp Web Hosting

Cheapest Web Hosting Java Hosting Cheapest Hosting

Visionwebhosting.net Business web hosting division of Vision Web Hosting Inc.. All rights reserved