Snort mailing list archives

RE: A general query regarding snort.


From: "Robert D. Hughes" <rob () robhughes com>
Date: Sun, 28 Oct 2001 08:41:56 -0600

Ashley,

If you're running 1.8.1 or later, you should set your alert options
within the snort.conf, not on the command line. If you want to find out
how many rules snort is loading, run ./snort -T and you'll get the full
diagnostics output. Yes, loading more rules does cause snort to work
harder, but I'm running a pretty full rule set (1066 rules with all
pre-processors on) on a PII 333 and snort uses relatively little
processor given that I have a multi-megabit connection. On my FreeBSD
box, natd actually takes up more time.



-----Original Message-----
From:   ashley thomas
Sent:   Fri 10/26/2001 8:53 PM
To:     snort-users () lists sourceforge net
Cc:     
Subject:        [Snort-users] A general query regarding snort.
hi,

When snort is run in IDS mode, which is the most usual and fast way to
run?
I am running as:

snort -b -A fast -c snort.conf

I want snort to run as fast as possible.

What is the average number of rules that users load on snort? As the
number of rules is increased, load on snort increases, right?

Any information is welcome.

thanks a lot
ashley


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
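
An added example, not from the original posts or the Snort project: a rough offline count of the active rules a snort.conf pulls in through `include`, as a cross-check on the diagnostics from `./snort -T` mentioned in the reply. The file names and rule lines are constructed, `count_rules` and `build_sample` are hypothetical helpers, and the parser assumes only `var`, `include`, `#` comments and backslash line continuation.

```python
import os, tempfile

ACTIONS = ("alert", "log", "pass", "activate", "dynamic")  # Snort rule actions

def count_rules(conf):
    """Return {file: active rule count}, following `include` directives."""
    variables, counts = {}, {}
    def walk(path):
        if path in counts:                   # already visited: include loop
            return
        counts[path], pending = 0, ""
        with open(path) as fh:
            for raw in fh:
                line = pending + raw.strip()
                if line.endswith("\\"):      # rule continues on the next line
                    pending = line[:-1] + " "
                    continue
                pending, words = "", line.split()
                if not words or line.startswith("#"):
                    continue                 # blank line or commented-out rule
                if words[0] == "var" and len(words) >= 3:
                    variables[words[1]] = words[2]
                elif words[0] == "include" and len(words) >= 2:
                    target = words[1]
                    for name, value in variables.items():
                        target = target.replace("$" + name, value)
                    walk(os.path.normpath(os.path.join(os.path.dirname(path), target)))
                elif words[0] in ACTIONS:
                    counts[path] += 1
    walk(os.path.normpath(conf))
    return counts

def build_sample():
    # Constructed snort.conf and rule files, written to a temp directory.
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "rules"))
    files = {
        "snort.conf": "var RULE_PATH rules\ninclude $RULE_PATH/web.rules\ninclude local.rules\n",
        "rules/web.rules": 'alert tcp any any -> any 80 (msg:"a"; \\\n'
                           ' content:"x";)\n'
                           '#alert tcp any any -> any 80 (msg:"off";)\n',
        "local.rules": 'log udp any any -> any 53 (msg:"b";)\npass icmp any any -> any any\n',
    }
    for name, text in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(text)
    return os.path.join(root, "snort.conf")

if __name__ == "__main__":
    print(sum(count_rules(build_sample()).values()), "active rules")
```

The per-file breakdown shows which rule files contribute most to the total, which is useful when deciding what to comment out on a slower sensor.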


