Snort mailing list archives

Re: Too little traffic being seen!


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 23 Apr 2003 17:57:02 -0400

Try sending snort a kill -USR1 and look in your syslog logfiles to see if it's dropping packets. (Yes, it WILL go to syslog, even if you're not using syslog logging for snort alerts.)

If it is, disable spp_portscan2 and spp_conversation and try that. They chew up a lot of memory and add a lot of overhead for something that doesn't work well.

You might also want to run "top" and make sure you're not using a ton of swap memory.

At 02:02 PM 4/23/2003 -0700, Adrian.Mink () pinnaclewest com wrote:
and when I fire up ethereal I can see the raw traffic so I know the data is getting to the system. Help?
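
One way to script the check described in the reply, as an added example that is not part of the original message. The statistics line wording ("Snort analyzed N out of M packets, dropping D(P%) packets") is an assumption and varies by Snort version; the sample log lines, the host name `ids1`, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: signal Snort, then read its drop statistics back from syslog.

# Constructed sample syslog lines (assumed format, not from the original post).
sample_log() {
cat <<'EOF'
Apr 23 17:40:01 ids1 snort: Snort analyzed 48210 out of 50000 packets, dropping 1790(3.580%) packets
Apr 23 17:41:07 ids1 sshd[811]: Accepted publickey for admin
Apr 23 17:55:12 ids1 snort: Snort analyzed 99000 out of 120000 packets, dropping 21000(17.500%) packets
EOF
}

# The step from the post: make the running Snort dump statistics to syslog.
# Assumes pidof is available; this is never called automatically.
signal_snort() {
    pid=$(pidof snort) || { echo "snort is not running" >&2; return 1; }
    kill -USR1 $pid
}

# Read syslog text on stdin and print "<total> <dropped>" for the most recent
# Snort statistics line. Exit status 1 if no such line is present.
last_drop_stats() {
    awk '
    /snort/ && match($0, /dropp(ing|ed) [0-9]+\(/) {
        d = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", d)
        t = ""
        if (match($0, /out of [0-9]+ packets/)) {
            t = substr($0, RSTART, RLENGTH); gsub(/[^0-9]/, "", t)
        }
        total = t; dropped = d; found = 1
    }
    END { if (!found) exit 1; print total, dropped }'
}

# Turn the latest statistics into a verdict: 0 = clean, 1 = drops, 2 = no data.
drop_verdict() {
    stats=$(last_drop_stats) || { echo "no-stats"; return 2; }
    set -- $stats
    if [ "$2" -gt 0 ]; then
        echo "dropping $2 of $1 packets"
        return 1
    fi
    echo "ok"
}

# Demonstration on the constructed sample; on a live sensor, run signal_snort
# first and feed the real syslog file to drop_verdict instead.
sample_log | drop_verdict || true
```

A non-zero drop count is the condition under which the reply suggests disabling spp_portscan2 and spp_conversation and checking swap usage.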


