Snort mailing list archives

A few questions regarding Solaris


From: Robert Riskin <freshbones () gmail com>
Date: Mon, 30 Aug 2010 07:54:07 -0400

Hey everyone,

Just joined the list, have been using Snort for the last year or so.  I chose to
run it on Solaris 10/8 because my HP box had Solaris drivers for the RAID
controller and special NICs I got.  I have a few questions regarding
SO_RULES.

Mainly, has anyone gotten them to compile on a Solaris build?  I'm not
successful at compiling them from scratch.  I pay the subscription fee and I
feel that I'm taking advantage of the subscription by not using the
SO_RULES.  Any help at all would be great!

Also I'm running it on a heavily trafficked VLAN, lots of server and
workstation traffic, to/from Internet, etc.  I know that some alerts are
being missed.  I have tuned out a lot of the snort rulesets and use emerging
markets and most of the malware rulesets.  I still find myself missing
alerts, for example I'll try and hit one of the RBN sites and sometimes
Snort will trigger and alert and sometimes it won't.  Is there anything I
can do to make sure it captures everything without missing anything?  My box
has 10GB of RAM and 500GB 10k hard drives.  So I'm not sure where the
bottleneck is.  I run snort 8.6 and barnyard 1 because 2 wouldn't compile
correctly for me on Solaris; I run both of these in daemon mode.

Any help is greatly appreciated!!

I was debating switching to a platform that has the SO_RULES ready to go,
but I'm concerned that HP won't have drivers for that platform . . . running
an HP ML370 G5

-Joe