Snort mailing list archives
Snort on networks with heavy load.
From: John-Magne Bredal <bredal () stud ntnu no>
Date: Mon, 4 Feb 2002 10:51:05 +0100 (CET)
Hi.

I am in my final year of my university education, and am currently working with security. Right now I am working with Snort, trying to get it to send a reasonable number of alerts on our high-speed network. We have about 12000 computers connected to it, so needless to say there are a LOT of things going on there.

I wonder if there are any other Snort users who have any experience in using Snort on heavily loaded networks? I would be glad to get some advice on this matter. What have other people who are in the same situation done? How to decrease the number of alerts? Are there any software/projects developed that in any way manage the high load? How to avoid spamming the users with alerts?

Currently I have removed a lot of signatures, and Snort is not getting all our traffic. I am logging to a MySQL db, and using ACID as web frontend (which is SLOW btw). The number of daily alerts is between 5k and 10k.

Any help on the subject is greatly appreciated!

--
John Magne Bredal
Student at NTNU - Telematics
http://www.stud.ntnu.no/~bredal
bredal () stud ntnu no

"Just because you're paranoid, doesn't mean they're not after you."