Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 158 Meg snort?

From: Frank <la () pasadena net>
Date: Thu, 10 Jan 2002 12:36:26 -0800 (PST)
I found the problem. Wrong preprocessors selected:

I disabled:

preprocessor defrag
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384

And enabled:

preprocessor frag2: 16777216, 10
preprocessor stream4: timeout 10, maxbytes 16384


And the problem was solved.

Frank




On Wed, 9 Jan 2002, Frank wrote:


I've run snort for two days on a very busy sensor. It now shows 158 Meg
size. When I restart it's 14 meg.


System info:

Snort compiled with mysql and snmp support.

snort -V

-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch () sourcefire com, www.snort.org)


Linux 2.4.7-10smp #1 SMP Thu Sep 6 17:09:31 EDT 2001 i686 unknown



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: