Snort mailing list archives
RE: A general query regarding snort.
From: "Robert D. Hughes" <rob () robhughes com>
Date: Sun, 28 Oct 2001 08:41:56 -0600
Ahsley, If you're running 1.8.1 or later, you should set your alert options within the snort.conf, not on the command line. If you want to find out how many rules snort is loading, run ./snort -T and you'll get the full diagnostics output. Yes, loading more rules does cause snort to work harder, but I'm running a pretty full rule set (1066 rules with all pre-processors on) on a PII 333 and snort uses relatively little processor given that I have a multi-megabit connection. On my FreeBSD box, natd actually takes up more time. -----Original Message----- From: ashley thomas Sent: Fri 10/26/2001 8:53 PM To: snort-users () lists sourceforge net Cc: Subject: [Snort-users] A general query regarding snort. hi, When snort is run in IDS mode which is the most usual and fast way to run ? I am running as: snort -b -A fast -c snort.conf I want snort to run as fast as possible. What is the average number of rules that users loads on snort ? As the number of rules is increased, load on snort increases ,right ? Any information is welcome. thanks a lot ashley _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
<<winmail.dat>>
Current thread:
- A general query regarding snort. ashley thomas (Oct 27)
- Re: A general query regarding snort. Martin Roesch (Oct 27)
- <Possible follow-ups>
- RE: A general query regarding snort. Robert D. Hughes (Oct 28)