Snort mailing list archives
A few questions regarding Solaris
From: Robert Riskin <freshbones () gmail com>
Date: Mon, 30 Aug 2010 07:54:07 -0400
Hey everyone,

Just joined list, have been using Snort for the last year or so. I chose to run it on Solaris 10/8 because my HP box had Solaris drivers for the RAID controller and special NICs I got.

I have a few questions regarding SO_RULES. Mainly, has anyone gotten them to compile on a Solaris build? I'm not successful at compiling them from scratch. I pay the subscription fee and I feel that I'm taking advantage of the subscription by not using the SO_RULES. Any help at all would be great!

Also, I'm running it on a heavily trafficked VLAN, lots of server and workstation traffic, to/from Internet, etc. I know that some alerts are being missed. I have tuned out a lot of the snort rulesets and use emerging markets and most of the malware rulesets. I still find myself missing alerts; for example, I'll try and hit one of the RBN sites and sometimes Snort will trigger an alert and sometimes it won't. Is there anything I can do to make sure it captures everything without missing anything? My box has 10GB of RAM and 500GB 10k hard drives, so I'm not sure where the bottleneck is. I run snort 8.6 and barnyard 1 because 2 wouldn't compile correctly for me on Solaris; I run both of these in daemon mode.

Any help is greatly appreciated!! I was debating switching to a platform that has the SO_RULES ready to go, but I'm concerned that HP won't have drivers for that platform . . . running an HP ML370 G5

-Joe