Snort mailing list archives
Re: Same config, FreeBSD vs OpenBSD, WAY different results
From: Jim Brown <jpb () sixshooter v6 thrupoint net>
Date: Sun, 12 Oct 2003 21:52:46 -0400
* Erek Adams <erek () snort org> [2003-10-12 17:52]:
> On Sun, 12 Oct 2003, Jim Brown wrote:
>
> > Re: Version 2.0.2 (Build 92)
> >
> > The two systems listed have the same config:
> >
> > The OpenBSD system routinely logs more than 5000 entries while the FreeBSD system logs less than 600 entries. The two systems are on the same subnet.
> >
> > Can anyone tell me why OpenBSD logs far more snort entries with the same config???
>
> [...snip...]
>
> Good info. Glad someone took note. :)
>
> Well.... The one thing you don't tell us is the hardware design of your network. If these are off of the same set of mirror/SPAN ports, then something is odd. If they are both plugged into the same 'auto sensing hub' then make sure both are running at the same speed and see Snort FAQ #6.21 [0]. If they are on an unmanaged switch, then you're only seeing the traffic headed to each box.

These two boxes sit on identical ports on the same switch - no mirroring or spanning. The IP addresses are next to each other - so anyone doing a subnet scan would (presumably) hit both.

FBSD is 4.8-STABLE, OBSD is 3.3

I'd really like to figure this out. It just seems odd that the OBSD system would have over 10 times the amount of logged entries.

Is there any other info I can provide that would help?

Best Regards,
jpb