Snort mailing list archives

RE: FW: Two questions...


From: "Wayne Work" <wwork () cybergnostic com>
Date: Thu, 25 Oct 2001 09:08:09 -0400

I am not sure I would BASH Linux so quickly. BSD as well has its moments, but
ask IBM (ya, the Big BLUE) about why they are advertising and placing LINUX
on servers, appliances and AS/400 machines. Geee!!! Go figure???

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Bob Walder
Sent: Thursday, October 25, 2001 8:08 AM
To: 'Grimes, Shawn (NIA/IRP)'; snort-users () lists sourceforge net
Subject: RE: [Snort-users] FW: Two questions...


Actually, perhaps I should quickly modify my earlier caustic comments re
Linux and IDS to say that Linux sucks OUT OF THE BOX - there are things that
can be done to improve performance (the right drivers and some parameter
tweaks for example), but I still prefer BSD for running Snort.

Regards,

Bob

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Grimes,
Shawn (NIA/IRP)
Sent: 25 October 2001 04:03
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] FW: Two questions...


 Alright I have two questions that I haven't been able to find answers for.
Or at least answers that were satisfying.  Sorry if these are being repeated
but I didn't see anything in any of the forums or any of the recent messages
to this group.

 First the details:
Redhat linux 7.2 on a dual 1.3 GHz PIII w/ 1 Gig of RAM
Snort Version 1.8.1-RELEASE (Build 74)
dumping to a MySQL database using the latest stable release


 1).  Snort keeps logging two entries of each alert.  There is definitely
only one instance of snort running, and there is only one interface that
it's monitoring/active.  Has anyone had similar problems?


 2).  I'm on a network with probably 1,000 nodes.  The traffic ranges
anywhere from 5Mbit/sec and I've seen as high as 20Mbit/sec.  The CPU
utilization of SNORT is up to 99% constantly.  And I'm getting significant
packet losses as you can imagine.  Is this too high of a demand for SNORT?
If not, what are some ways I can lower the CPU usage and increase the amount
of packets SNORT can handle?  Thanks for any suggestions.


 Thank You,
 Shawn Grimes
 NCTS
 Gerontology Research Center
 410-558-8007
 grimessh () grc nia nih gov



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

