Snort mailing list archives
Re: Snort questions
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 06 Jul 2004 10:40:51 -0400
At 10:39 AM 7/5/2004, shashank.joshi () tcs com wrote:
> It is mentioned that snort has a 'very small footprint' what is the size of the footprint?
This varies a lot based on configuration. A copy of snort 2.2.0-rc1 using a more-or-less default config (single /24 in HOME_NET, no other changes) has an RSS of 34352 k on my system.
Switching the "search-method" to "lowmem" drops the RSS to 11200 k.
One could drop it much further by reducing the number of rules used, and by turning off preprocessors.
> whether snort RPMs are stable and what are the pros and cons of using RPM over compiling from source?
I personally prefer compiling from source, but that's largely because I use a stack protection type compiler for this kind of thing.
RPMS: easy
source: more flexible in build options, choice of compiler, etc.
> how to prepare reports from snort logs?
http://www.snort.org/dl/contrib/data_analysis/
> what is the best method of rules updation?
I've never used it, but many on the list seem to like oinkmaster as a rule-update manager.
http://www.snort.org/dl/contrib/rule_management/oinkmaster/
> how frequently do I need to upgrade snort?
New versions of significance seem to happen about 3-4 times a year. You might find yourself valuing different features than I do, so you may update more or less frequently.
> any suggestions for backup strategy?
backup of what? The snort data? depends on how you log it..