Snort mailing list archives

Re: Snort rules questions


From: "Sloan Miller" <sloanm () mindspring com>
Date: Tue, 2 Oct 2001 23:17:13 -0700

Sorry about that, I should have mentioned that I am running snort on a DSL
connection.  This is my home network.  Not a great deal of traffic.  The box
is not running X; it was running apache but I disabled it to free up more
RAM to see if there was an effect.  I am running the full set of snort rules
from snort.org.  If I remember correctly it is over 100, about 108 or so.


----- Original Message -----
From: "John Sage" <jsage () finchhaven com>
To: "Sloan Miller" <sloanm () mindspring com>
Cc: "Snort-Userst@Lists. Sourceforge. Net"
<snort-users () lists sourceforge net>
Sent: Tuesday, October 02, 2001 10:47 PM
Subject: Re: [Snort-users] Snort rules questions


Sloan:

I'm running snort-1.8.1-RELEASE on RHL 6.2 on a Pentium 150 with 96mb
ram, -b binary logging all traffic on my external interface, a low
volume dialup.

top shows snort at 1.4% memory usage.

This box is also running an ipchains-based firewall, a caching-only
nameserver, apache, emacs... but I'm *not* running X..

What sort of connection are you watching?
What else is running? X? Get rid of it; the cli is your friend.

How many rules?

Snort sez I've got about 95...

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


Sloan Miller wrote:

I built snort 1.8.1 with the new rules on linux 7.1.  I started it and
it ran fine for about 12 hours with many alerts.  Now it will not alert
but very rarely, about once every 12 hours.  I know there is more
activity but for some reason snort does not or will not pick it up.
Could it be my hardware?  I am running it on an old pentium 100 MHz box
with 40 MB of RAM.  Is this hardware grossly inadequate?  I have been
monitoring the space in RAM that snort is using and it remains around
15% of the system RAM.  I read the FAQ but I am hesitant to remove any of
the rules unless absolutely necessary.



1.  Is my RAM inadequate?

2.  Does my Processor play a bigger role with snort?

3.  If I need to remove some rules, can anyone make any recommendations?




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

