Snort 3 – System Architecture and Functionality
Snort 3 is a significant milestone in the evolution of the Snort IDS/IPS project. After a long development period, Snort 3 has finally reached general availability. In the last chapter, we discussed the evolution of Snort from its inception until now, from version 1.0 to version 2.9. Compared to Snort 2.0, the number of changes introduced in Snort 3.0 is significantly higher; in other words, Snort 3.0 is a giant evolutionary leap in Snort's growth. Snort 3.0 introduces changes to rule syntax and language that are not compatible with previous Snort versions, and it introduces a Lua-based configuration that is not compatible with Snort 2.x. In addition, there are key architectural changes that make the system highly modular and push the limits of a high-speed IDS/IPS. In this chapter, we will discuss the following topics:
- Design goals
- Key components
- Snort 3 system architecture
First...