Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Improving overall performance of snort and stopping those drops

From: Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>
Date: Wed, 05 Nov 2003 12:44:24 +0100
Scott Zawalski schrieb:
I am using snort to collect packets on a gig connection that gets on average 1.3 tB/s. 

[...]


Any tips or tricks are greatly appreciated!

Thank you,
Scott


- Have you tried increasing the number of the ring buffer cells like
  PCAP_FRAMES=max?

- I suppose your ruleset is already optimized

- Deactivate preprocessor frag2 if you're behind a defragmenting
  firewall (Netfilter always defragments if you turn on conntrack)

- Blend out the encrypted traffic (SSL/HTTPS/IMAPS/POP3S)

Regards,
Edin

--
Edin Dizdarevic



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: