From the course: Data-Driven Network Security Essentials
Collect IDS and IPS data
- [Instructor] Snort is a popular solution for both intrusion protection and prevention. It can even run in a packet sniffer mode when its detection and prevention capabilities are turned off. When running it in its sniffer mode, Snort can store the captured packets in the pcap format. As an intrusion detection and prevention system, Snort can either generate a log file or forward its alerts to log servers such as syslog-ng. Whether they're stored in a file or forwarded, the Snort alerts have the following basic format. The first number in the square brackets is the generator ID, showing which part of Snort created the alert. The second number is the signature ID, tied to the Snort rule activating the alert. The third number is the revision ID, used to tell how many revisions have been made since the Snort rule was created. You can also record the packet header information that triggered the alert, which contains information such as timestamp, source IP and port, and destination IP and port as…
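The `[generator:signature:revision]` triple and the packet header fields the instructor describes are what an analyst pulls out of a Snort alert file before counting, sorting or forwarding it. The following parser is an added example written for this page, not code from the course or from the Snort project: it reads lines in Snort's one-line `alert_fast` output format, extracts the three IDs, the message, classification, priority, protocol and the source/destination address and port, and summarises the result. The sample alert lines, the `LOCAL` rule messages and every ID, address and port in them are constructed for the demonstration (the signature IDs fall in the local-rule range and do not refer to any published rule).

```python
"""Parse Snort 'alert_fast' lines into structured records and summarise them."""
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One-line Snort alert format ("alert_fast" output). The [gid:sid:rev] triple is
# the generator ID, signature ID and rule revision; the tail is the packet
# header summary (protocol, source address[:port] -> destination address[:port]).
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"   # classification is optional
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+"
    r"(?P<src>[0-9A-Fa-f.:]+?)(?::(?P<sport>\d+))?\s+->\s+"  # port absent for ICMP
    r"(?P<dst>[0-9A-Fa-f.:]+?)(?::(?P<dport>\d+))?$"
)


@dataclass(frozen=True)
class SnortAlert:
    timestamp: str
    gid: int                      # generator ID: 1 = text rules engine, others = preprocessors
    sid: int                      # signature ID of the rule that fired
    rev: int                      # revision number of that rule
    message: str
    classification: Optional[str]
    priority: int
    protocol: str
    src_ip: str
    src_port: Optional[int]
    dst_ip: str
    dst_port: Optional[int]


def _port(value: Optional[str]) -> Optional[int]:
    return int(value) if value is not None else None


def parse_alert(line: str) -> Optional[SnortAlert]:
    """Return a SnortAlert for one alert_fast line, or None if the line does not match."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    return SnortAlert(
        timestamp=m["ts"], gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        message=m["msg"], classification=m["cls"], priority=int(m["prio"]),
        protocol=m["proto"], src_ip=m["src"], src_port=_port(m["sport"]),
        dst_ip=m["dst"], dst_port=_port(m["dport"]),
    )


def parse_alert_log(text: str) -> List[SnortAlert]:
    """Parse a whole alert file, silently skipping lines that are not alerts."""
    alerts = []
    for line in text.splitlines():
        alert = parse_alert(line)
        if alert is not None:
            alerts.append(alert)
    return alerts


def count_by_signature(alerts: List[SnortAlert]) -> Counter:
    """How often each (generator ID, signature ID) pair fired."""
    return Counter((a.gid, a.sid) for a in alerts)


def count_by_source(alerts: List[SnortAlert]) -> Counter:
    """How many alerts each source address triggered."""
    return Counter(a.src_ip for a in alerts)


# Constructed sample alert file (not real Snort output): two hits on the same
# local rule, one preprocessor-generated alert without a classification, a
# junk line that must be skipped, and an ICMP alert with no ports.
SAMPLE_ALERTS = """\
01/15-10:23:45.123456  [**] [1:1000001:2] LOCAL Suspicious outbound DNS query [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 10.0.0.5:51234 -> 192.0.2.53:53
01/15-10:23:46.000120  [**] [1:1000001:2] LOCAL Suspicious outbound DNS query [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 10.0.0.7:41000 -> 192.0.2.53:53
01/15-10:24:01.555000  [**] [129:12:1] Stream: TCP small segment threshold exceeded [**] [Priority: 3] {TCP} 10.0.0.5:49152 -> 198.51.100.20:443
this line is not an alert and should be skipped
01/15-10:24:09.000001  [**] [1:1000002:1] LOCAL ICMP echo to honeypot [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.9 -> 198.51.100.99
"""

if __name__ == "__main__":
    parsed = parse_alert_log(SAMPLE_ALERTS)
    for a in parsed:
        print(f"{a.timestamp} gid={a.gid} sid={a.sid} rev={a.rev} prio={a.priority} "
              f"{a.protocol} {a.src_ip}:{a.src_port} -> {a.dst_ip}:{a.dst_port}  {a.message}")
    print("by signature:", dict(count_by_signature(parsed)))
    print("by source:   ", dict(count_by_source(parsed)))
```

The regex keeps the classification bracket optional because preprocessor-generated alerts (generator ID other than 1) often carry none, and the port groups are optional so ICMP alerts parse as well; a line that fails the pattern returns `None` rather than raising, which is the safer behaviour for a collector fed from a live file.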