Snort mailing list archives
Re: Snort 2.0 dropping packets
From: Bennett Todd <bet () rahul net>
Date: Sun, 20 Apr 2003 13:20:20 -0400
Configure your snort to use -A fast -b. If that doesn't make your packet drops go away, then you'll need to do some real tuning; because, if that doesn't make your packet drops go away, you probably have to many alerts being fired that the cost of the alerting and logging is overwhelming your systems. You'll need to tighten things down so alerts aren't so frequent. If -A fast -b does fix your packet losses, then you can either building your reporting/monitoring/alerting/... around those outputs, or you can switch to barnyard, making sure you run the RDBMS on a different system from the snorts. -Bennett
Attachment:
_bin
Description:
Current thread:
- Snort 2.0 dropping packets Always Bishan (Apr 20)
- Re: Snort 2.0 dropping packets Bennett Todd (Apr 20)
- Re: Snort 2.0 dropping packets Edin Dizdarevic (Apr 20)
- Re: Snort 2.0 dropping packets Gary Flynn (Apr 21)
- Re: Snort 2.0 dropping packets Bennett Todd (Apr 21)
- Re: Snort 2.0 dropping packets Gary Flynn (Apr 21)
- <Possible follow-ups>
- Re: Snort 2.0 dropping packets Neil Dickey (Apr 21)
- Re: Snort 2.0 dropping packets Edin Dizdarevic (Apr 21)
- Re: Snort 2.0 dropping packets Bennett Todd (Apr 21)
- Re: Snort 2.0 dropping packets Edin Dizdarevic (Apr 21)