Snort 2.1 Intrusion Detection, Second Edition

Have you ever wondered how weak technology companies stay in business? Why some companies decide to implement inferior products, especially those purchased to protect an organization's data? Or how substandard new products gain market share? The answers are abundant, but time and time again a common theme surfaces. Reporting has always been a key component in making or breaking deals. Gathering and correlating data is only half the technology product equation; the other half is data presentation and reporting. Manually categorizing and analyzing data can be an extremely time-consuming and resource-intensive process; therefore, any technology that empowers the user and reduces the resource requirement is beneficial.
The Snort development team acknowledged this business driver with the creation of an open Output Plug-In application programming interface (API). Snort output plug-ins, also referred to as Snort output modules, were introduced in version 1.6. The introduction of output plug-ins officially completed Snort's inauguration into the elite group of enterprise-class Intrusion Detection Systems (IDSs). Output plug-ins give administrators the ability to configure logs and alerts in a manner that is easy to understand, read, and use in their organization's environment. For example, if Acme Widgets uses MySQL databases to store all corporate and client information, we can assume that Acme Widgets has a good amount of in-house MySQL knowledge. Therefore, it makes sense that Acme would also want its Network IDS (NIDS) logs and alerts to be stored in a MySQL database or even in a different...