RE: snort dropping 48%

[SN ORT <snort_on_acid () yahoo com>]

Might I suggest using freeBSD? RH will use all of the
memory you give it and libcap is not the best
performer. You can also try getting a bigger processor
and/or tuning your rules, starting with disabling the
content-based rules, narrowing down your
$web_servers..etc

Cheese!

Marc

> Message: 4
> Subject: RE: [Snort-users] snort dropping 48%
> Date: Thu, 6 May 2004 14:02:59 -0400
> From: "Sheahan, Paul" <Paul.Sheahan () priceline com>
> To: <snort-users () lists sourceforge net>
> Cc: "snort user" <snortuser () hotmail com>


> I still don't have an answer either. 49% of packets
> being dropped is
> absolutely ridiculous.

> I recently ran TOP to check memory while Snort was
> running my
> content-based rules and noticed that even though I
> had 1 gig of ram in
> my server, there was almost no free memory. So I
> upgraded to 4 gig of
> RAM figuring Snort just needed more RAM, but the same
> problem is still
> occurring, 49% of packets are still being dropped.

> Should I take a look at libpcap? I understand there
> are multiple
> versions. What version should I be running?

> Thanks


        
                
__________________________________
Do you Yahoo!?
Win a $20,000 Career Makeover at Yahoo! HotJobs  
http://hotjobs.sweepstakes.yahoo.com/careermakeover 


-------------------------------------------------------
This SF.Net email is sponsored by Sleepycat Software
Learn developer strategies Cisco, Motorola, Ericsson & Lucent use to 
deliver higher performing products faster, at low TCO.
http://www.sleepycat.com/telcomwpreg.php?From=osdnemail3
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users