Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: snort performance vs traffic

From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 9 Jul 2002 09:32:56 -0700 (PDT)
On Tue, 9 Jul 2002, Tim Prendergast wrote:


I'm running Snort 1.8.6 (build 105) on Redhat 7.1, 2x9.1 scsi disks,
P3-500 w/ 256mb memory (Dell Poweredge 1300).


Ok, to be honest--Try an upgrade to 1.8.7.  See if that makes a difference.
If that's not possible, here are some other factors:

        Number of rules--Have you tuned the rulesets for your network?
        $HOME_NET--What do you have defined for that?
        $EXTERNAL_NET--What's defined here as well?
        Regex--Are you trying to use any rules with regex in them?

If you can upgrade, keep a copy of your rules, snort.conf and snort binary.
That way, if you need to "roll back" quickly you can.

There were a few changes to snort.conf so you'll want to be sure to read the
new comments.  Diff is your friend!  :)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Stuff, things, and much much more.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: