Configuration tradeoffs

["Stewart L" <stewartl42 () gmail com>]

So,

I sat through a Webinar on common mistakes made when setting up Snort.
They mentioned that http_inspect needs to be configured to reduce false
positives.

I have my global configuration, I have my default server configuration, then
I added about 40 server configuration lines for my Linux Servers.

I'm seeing more packet loss since I configured all this up.   Went from
about 0.1% loss to more than 2%.

Am I doing something incorrect here? Or is this expected?

-- 
Stewart
--
You only lose what you cling to.

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users