Snort mailing list archives
Re: [Emerging-Sigs] lots or rules loaded and snort performance
From: Jason Wallace <jason.r.wallace () gmail com>
Date: Fri, 5 Nov 2010 21:14:04 -0400
The concept is still valid, but I ditched my custom scripts as well when pulledpork added this functionality (actually it was my feature request ;) ). One of the good things about PP is you can also restrict your search to things like cve's, MS numbers, or reference entries. thx, wally On Fri, Nov 5, 2010 at 5:54 PM, Pedro Marinho <pppmarinho () gmail com> wrote:
OK thank you very much.. 2010/11/5 Rodrigo Montoro(Sp0oKeR) <spooker () gmail com>I'd suggest you to read those urls bellow: http://www.snort.org/assets/126/WhitePaper_Snort_PerformanceTuning_2009.pdf http://blog.joelesler.net/2010/04/fun-with-profile_rules.html About Host Attribute Table is a good read/understand to specially if you are using rules that uses metadata field. http://global-security.blogspot.com/2010/09/pig-doktah-is-born.html http://global-security.blogspot.com/2010/10/haz-drowning-rat-pulledpork-050-is-now.html Hope it helps! Regards,_______________________________________________ Emerging-sigs mailing list Emerging-sigs () emergingthreats net http://lists.emergingthreats.net/mailman/listinfo/emerging-sigs Support Emerging Threats! Get your ET Stuff! Tshirts, Coffee Mugs and Lanyards http://www.emergingthreats.net/index.php/support-et-and-buy-et-schwag.html
------------------------------------------------------------------------------ The Next 800 Companies to Lead America's Growth: New Video Whitepaper David G. Thomson, author of the best-selling book "Blueprint to a Billion" shares his insights and actions to help propel your business during the next growth cycle. Listen Now! http://p.sf.net/sfu/SAP-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- lots or rules loaded and snort performance Pedro Marinho (Nov 05)
- Message not available
- Re: [Emerging-Sigs] lots or rules loaded and snort performance Pedro Marinho (Nov 05)
- Message not available
- Message not available
- Re: [Emerging-Sigs] lots or rules loaded and snort performance Pedro Marinho (Nov 05)
- Re: [Emerging-Sigs] lots or rules loaded and snort performance Jason Wallace (Nov 05)
- Re: [Emerging-Sigs] lots or rules loaded and snort performance Pedro Marinho (Nov 05)