Snort mailing list archives

RE: snort 2.0.1


From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 07 Aug 2003 17:23:30 -0400

At 04:43 PM 8/6/2003 -0400, Luo, Philip wrote:
> My question is I did not see this returning before, is there a problem?

You should see packet statistics every time you exit snort when you start it in non-daemon mode. If you don't see all that, you've got problems.

> What would be the reason I lost many packets?

In short, your system is too slow for the snort setup you've got.

Check to see if you're digging into your swapfile. If you are, try turning off some memory intensive features.

It may also be that your CPU isn't fast enough to keep up, in which case you need to make your configuration less CPU intensive.

The spp_portscan2/spp_conversation pair is VERY memory and CPU intensive, so if you have those on you might consider trying it without them. From there you can start tweaking and see how it goes.
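
An added example, not part of the original post, for the swapfile check suggested above: it separates swap that is merely allocated from swap that is actively being paged while Snort captures. It assumes a Linux sensor whose kernel exposes /proc/meminfo and /proc/vmstat; the function names and sample values are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes a Linux sensor whose
# kernel exposes /proc/meminfo and /proc/vmstat.

# kB of swap currently allocated, from a meminfo-format file.
swap_used_kb() {
    awk '$1 == "SwapTotal:" { t = $2 } $1 == "SwapFree:" { f = $2 }
         END { print t - f }' "$1"
}

# Pages swapped in + out between two vmstat-format snapshots (before, after).
swap_pages_delta() {
    awk '$1 == "pswpin" || $1 == "pswpout" {
             if (NR == FNR) before += $2; else after += $2
         }
         END { print after - before }' "$1" "$2"
}

# Classify: rising counters mean the box is paging right now.
swap_verdict() {
    used=$(swap_used_kb "$1")
    delta=$(swap_pages_delta "$2" "$3")
    if [ "$delta" -gt 0 ]; then
        echo "paging"
    elif [ "$used" -gt 0 ]; then
        echo "swap-allocated-idle"
    else
        echo "no-swap"
    fi
}

# Constructed sample data so the script runs offline.
SAMPLES=$(mktemp -d)
printf '%s\n' 'MemTotal: 1030000 kB' 'MemFree: 12000 kB' \
    'SwapTotal: 2097148 kB' 'SwapFree: 1572860 kB' > "$SAMPLES/meminfo"
printf '%s\n' 'pgfault 900000' 'pswpin 1000' 'pswpout 4000' > "$SAMPLES/vmstat.t0"
printf '%s\n' 'pgfault 950000' 'pswpin 1350' 'pswpout 4650' > "$SAMPLES/vmstat.t1"

echo "swap in use: $(swap_used_kb "$SAMPLES/meminfo") kB"
echo "verdict: $(swap_verdict "$SAMPLES/meminfo" "$SAMPLES/vmstat.t0" "$SAMPLES/vmstat.t1")"

# On a live sensor (while snort is capturing):
#   cp /proc/vmstat /tmp/v0; sleep 10; cp /proc/vmstat /tmp/v1
#   swap_verdict /proc/meminfo /tmp/v0 /tmp/v1
```

A "paging" verdict taken while Snort is dropping packets points at memory pressure; "swap-allocated-idle" suggests looking at CPU load instead.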
