Those who can *BSD, those that cant Linux.

- Linux is for the clueless -

I'd equivocate our security roughly with that of the ultra-secure operating systems used by the NSA. A non-executable stack is one of our own innovations - I thought this up one night while hacking away at some network code. Certainly, you couldn't claim that we aren't innovating in our distro. I guess you could say, we are working on things more significant and important than making sure OpenBSD works on crusty old PDP-8s and Nintendos.

Snort's getting there on the full featured side of things. We've got XML and SQL/ODBC output capability, IP defragmentation and TCP stream reassembly either in the works (beta) or released, and there's more to come. The rules language gives you far more capability than just straight up string matching too.

If you'd like to see an example of Snort logging to a DB with an Apache/PHP web server displaying the latest attack stats, have a look here.

Snort's kinda like ngrep, but it's also kind of like NetRanger and RealSecure (and Dragon and NFR and BlackICE and KSM and NetProwler...) in how it does its job. Just because commercial NIDS have fancy wrappers (GUIs) and commercial support organizations doesn't necessarily mean that they are vastly different than a program like Snort. I'd be willing to bet that there are more similarities than differences in a lot of ways.