Snort mailing list archives
Re: packet loss
From: Jose Maria Lopez <jkerouac () bgsec com>
Date: 29 Sep 2004 22:09:44 +0200
El mar, 28 de 09 de 2004 a las 16:13, Larry Wichman escribió:
In the course of my testing of Snort I have averaged about 40% packet loss. I am running Snort on Fedora. The segment I am monitoring is 100 mb and is very busy. Does anyone have any recommendations for tuning Snort to not drop so many packets? Is there any recommendations for hardware? The CPU is running at about 40% and the memory looks fine. ~Larry
First thing you should do it's to check the rules you are using and remove the ones that don't apply to your system or are not useful to you. Tunning the rules will give you a performance boost. Second thing it's logging in binary format instead of logging in ascii format. You can use then barnyard to generate the logs in ascii format or log to a database. That will be another huge performance boost. -- Jose Maria Lopez Hernandez Director Tecnico de bgSEC jkerouac () bgsec com bgSEC Seguridad y Consultoria de Sistemas Informaticos http://www.bgsec.com ESPAÑA The only people for me are the mad ones -- the ones who are mad to live, mad to talk, mad to be saved, desirous of everything at the same time, the ones who never yawn or say a commonplace thing, but burn, burn, burn like fabulous yellow Roman candles. -- Jack Kerouac, "On the Road" ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- packet loss Larry Wichman (Sep 28)
- Re: packet loss sekure (Sep 28)
- Re: packet loss Matt Kettler (Sep 28)
- RE: packet loss Marc Norton (Sep 29)
- Re: packet loss Jose Maria Lopez (Sep 29)