Snort mailing list archives

Snort rules questions

From: "Sloan Miller" <sloanm () mindspring com>
Date: Tue, 2 Oct 2001 21:14:39 -0700

I built snort 1.8.1 with the new rules on linux 7.1.  I started it and it ran fine for about 12 hours with many alerts. 
 Now it will not alert but very rarely about once every 12 hours.  I know there is more activity but for some reason 
snort does not or will not pick it up.  Could it be my hardware.  I am running it on an old pentium 100 Mhz box with 40 
MB of RAM.  Is this hardware grossly inadequate.  I have been monitoring the space in RAM that snort is using and it 
remains around 15 % of the system RAM.  I read the FAQ but I am hesistant to remove any of the rules unless absolutely 
necessary.

1.  Is my RAM inadequate?
2.  Does my Processor play a bigger role with snort?
3.  If I need to remove some rules can anyone make any recommendations.

Current thread:

Snort rules questions Sloan Miller (Oct 02)
- Re: Snort rules questions John Sage (Oct 02)
  - Re: Snort rules questions Sloan Miller (Oct 02)
    - Re: Snort rules questions John Sage (Oct 03)
    - Re: Snort rules questions Erek Adams (Oct 03)
    - Re: Snort rules questions Sloan Miller (Oct 03)
    - Re: Snort rules questions Erek Adams (Oct 03)
    - Re: Snort rules questions Brian (Oct 03)
    - Re: Snort rules questions Erek Adams (Oct 03)
    - Re: Snort rules questions John Sage (Oct 04)
    - RE: Snort rules questions Franki (Oct 04)

(Thread continues...)