Snort mailing list archives
Re: Best practices for very high volume install..
From: Joe Pampel <jpampel () paladyne com>
Date: Mon, 20 Dec 2010 18:28:48 -0500
Use a tap to break it into 2 or more 1G sessions and use n+1 sensors. Joe Pampel Sent from my iPhone4 with more Gbs On Dec 20, 2010, at 6:21 PM, "Wil Schultz" <wschultz () bsdboy com> wrote:
Hey there, have a very high traffic install (snort 2.9/barnyard2) that I'm trying to get into a good and usable position. At this point I've got a gig port that's saturated to the box so we're going to do a 2g port-channel here in a bit. So far I've come to the conclusion that mysql binary logging isn't realistic, so it's been turned off. Additionally I've got a script that runs at midnight to purge alerts that are greater than 2 days old. I'm considering putting the database into RAM for a little more speed. Does anyone else have some other best practice type suggestions for a very high traffic box? -wil ------------------------------------------------------------------------------ Lotusphere 2011 Register now for Lotusphere 2011 and learn how to connect the dots, take your collaborative environment to the next level, and enter the era of Social Business. http://p.sf.net/sfu/lotusphere-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
The information contained in this correspondence is intended solely for the person or entity entitled to receive the confidential and/or privileged material that it may contain. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, the information in this correspondence (including any attachments) by anyone other than the intended recipient is strictly prohibited. If you believe that you may not be the intended recipient, please destroy and/or delete this correspondence and the attachment(s). ------------------------------------------------------------------------------ Lotusphere 2011 Register now for Lotusphere 2011 and learn how to connect the dots, take your collaborative environment to the next level, and enter the era of Social Business. http://p.sf.net/sfu/lotusphere-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Best practices for very high volume install.. Wil Schultz (Dec 20)
- Re: Best practices for very high volume install.. Castle, Shane (Dec 20)
- Re: Best practices for very high volume install.. Joel Esler (Dec 20)
- Re: Best practices for very high volume install.. Jefferson, Shawn (Dec 21)
- Re: Best practices for very high volume install.. Weir, Jason (Dec 21)
- Re: Best practices for very high volume install.. Jefferson, Shawn (Dec 21)
- Re: Best practices for very high volume install.. Crook, Parker (Dec 21)
- Re: Best practices for very high volume install.. Matthew Jonkman (Dec 21)
- Re: Best practices for very high volume install.. Joel Esler (Dec 20)
- Re: Best practices for very high volume install.. Castle, Shane (Dec 20)