This network intrusion detection and prevention system excels at traffic analysis and packet logging on IP networks. Through protocol analysis, content searching, and various pre-processors, Snort detects thousands of worms, vulnerability exploit attempts, port scans, and other suspicious behavior. Snort uses a flexible rule-based language to describe traffic that it should collect or pass, and a modular detection engine. Also check out the free Basic Analysis and Security Engine (BASE), a web interface for analyzing Snort alerts.
While Snort itself is free and open source, parent company Sourcefire offers its VRT-certified rules for $499 per sensor per year and a complementary product line of software and appliances with more enterprise-level features. Sourcefire also offers a free 30-day delayed feed.
For downloads and more information, visit the Snort homepage.
First, I'm Chinese and my English is not good.
I have some questions about Snort unified2 output.
My Snort unified2 output files are empty!
But if I don't use unified2 output, the log files are not empty.
I want to use barnyard2 to put the log files into a DB.
Because of the empty unified2 files, I can't do it now.
Please help me, thanks.
Sourcefire does a great job maintaining this. I use it daily and it provides a great deal of insight as to what takes place on my network.