Snort mailing list archives

Re: snort 1.9.0 memleaking ?


From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 27 Nov 2002 17:52:32 -0800 (PST)

On Thu, 28 Nov 2002 pilsl () goldfisch at wrote:

> Any place to find "reasonable" numbers for these settings?

The honest answer is: no.  I wish I did, but I really don't have any
numbers to hand you.

> I have two snort daemons and each one (in default config) eats up to
> 60MB RAM, which is imho too much.  If I reduce them to 10MB: would this
> decrease the security level then, 'cause fewer conversations can be monitored?

Well...  By lowering the memcaps you don't affect anything but stream4,
conversation, and portscan2 (IIRC).  It's hard to say...  You're not
really decreasing security, you're actually increasing the chances of
missing something.  Yes, I know--It might as well be the same thing.  :)

> And after all: what values should I set to gain maximum performance while
> using not more than 10-15MB? (Or do I ask for the impossible?)

hrm...  I don't know.  If you have some full tcpdumps (all packets on the
network), you could run them thru snort and check it with different
numbers.

Sorry I'm not more help!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
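
One way to run the test suggested in the reply above, as an added example that is not part of the original mail: replay a saved capture through snort once per candidate stream4 memcap and compare alert counts. It assumes the base config carries a `preprocessor stream4: ...` line, that stream4's `memcap` option takes bytes, and that alerts land in `alert` under the `-l` directory; the function names are hypothetical, and the conversation and portscan2 settings mentioned in the reply are not swept.

```sh
#!/bin/sh
# Added example: sweep stream4 memcap values over a saved capture.
# Usage: sh memcap_sweep.sh full.pcap /etc/snort/snort.conf 4194304 8388608

# Print the config in $1 with stream4's memcap set to $2 bytes.
# Any existing memcap argument is dropped; other arguments are kept.
set_stream4_memcap() {
    awk -v cap="$2" '
    /^preprocessor[ \t]+stream4:/ {
        n = split(substr($0, index($0, ":") + 1), opt, ",")
        out = ""
        for (i = 1; i <= n; i++) {
            gsub(/^[ \t]+|[ \t]+$/, "", opt[i])
            if (opt[i] == "" || opt[i] ~ /^memcap[ \t]/) continue
            out = out opt[i] ", "
        }
        print "preprocessor stream4: " out "memcap " cap
        next
    }
    { print }' "$1"
}

# Count alerts in a fast-format alert file (one "[**]" line per alert).
count_alerts() {
    if [ -f "$1" ]; then grep -c '\[\*\*\]' "$1" || true; else echo 0; fi
}

# $1 = pcap, $2 = base config, remaining arguments = memcap values in bytes.
# Prints "memcap alert_count" per run; a count that drops as memcap shrinks
# means that setting is missing traffic on this capture.
sweep() {
    pcap=$1; base=$2; shift 2
    for cap in "$@"; do
        conf="$base.memcap-$cap"      # beside the base so relative includes resolve
        logdir=$(mktemp -d)
        set_stream4_memcap "$base" "$cap" > "$conf"
        snort -r "$pcap" -c "$conf" -l "$logdir" -A fast >/dev/null 2>&1
        echo "$cap $(count_alerts "$logdir/alert")"
        rm -f "$conf"
    done
}

# Run only when a pcap, a config and at least one memcap value are given.
if [ "$#" -ge 3 ]; then sweep "$@"; fi
```

Comparing peak resident memory for each run (for example with `time -v` where available) alongside the alert counts shows what each memcap actually costs on that capture.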


