Re: Fine tuning Snort

[waldo kitty <wkitty42 () windstream net>]

On 10/7/2010 14:02, James Lay wrote:
> Kevin and Waldo, you gents are treasures…I will get to work and report my
> results…thank you much!

something else to thing about concerning rules that you would just totally 
suppress in threshold.conf... if they are completely suppressed then you might 
as well comment them out of the rules set so they do not consume any memory and 
snort won't waste any time loading them just to be ignoring them... but i guess 
this also depends on your tools and management systems... some may use only 
threshold to "disable" rules where others may actually comment them in the rules 
sets files... personally, i think the threshold file is best to suppress certain 
rules for certain IPs... total suppression is the same as disabled so... ;)

------------------------------------------------------------------------------
Beautiful is writing same markup. Internet Explorer 9 supports
standards for HTML5, CSS3, SVG 1.1,  ECMAScript5, and DOM L2 & L3.
Spend less time writing and  rewriting code and more time creating great
experiences on the web. Be a part of the beta today.
http://p.sf.net/sfu/beautyoftheweb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users