Snort mailing list archives
Re: Snort's configuration
From: Paul Schmehl <pauls () utdallas edu>
Date: Wed, 03 May 2006 10:58:26 -0500
Santi Benito wrote:
You're going to get a lot more help if you tell us what OS you're running snort on - what version of snort you're running - what processor and how much memory your snort box has - etc., etc.Dear Snort users, I have written 3 times in snort`s users mailing list and anybody has answer my question and I am a little bit worried with my problem. I am analyzing real traffic with snort and I only use in snort.conf the rules referring to P2P and all the preprocessors active, when I replay traffic with tcpreplay at 100 Mb/s it drops the 96% of the packets and I have read that cancelling the preprocessors it could work better but it doesn`t. I don`t know how to change the memcap and also don`t know how to make snort to use libpcap with mmap that I have read that could be a good idea. Could anyone help me or say to me something?
Some of the folks here are pretty good. None of them are mind readers. -- Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas http://www.utdallas.edu/ir/security/
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Snort's configuration Santi Benito (May 03)
- Re: Snort's configuration Joel Esler (May 03)
- Re: Snort's configuration Paul Schmehl (May 03)