[Snort-users] snort optimization

Avleen Vig avleen at ...396...
Mon Jan 15 14:22:57 EST 2001


The answer to both your questions is "no".
I'll be VERY suprised is snort drops any packets on that setup, and you
don't need anything more for a "more complete capture".

----- Original Message -----
From: "Deja User" <malzubs at ...479...>
To: <snort-users at lists.sourceforge.net>
Sent: Monday, January 15, 2001 7:00 PM
Subject: [Snort-users] snort optimization


> What is the fastest, most complete was to run snort.  I have a busy
network segment that I’m spanning and sending to the snort IDS.
> I downloaded the complete rule file from snort.org "snortfull.conf"
> So here is what I have
> snort -A full -b -c snortfull.com -i eth0 -l /LOG/snort
>
> Is there anything I can do to make it faster and not drop any traffic?
> Also, the snortfull.conf does not include any library references, is there
anything I can do to make my capture more complete?
>
> Thanks,
> Mohammed.
>
>
> ------------------------------------------------------------
> --== Sent via Deja.com ==--
> http://www.deja.com/
>
>
> J¶®Š‚µ®zŠ²q®z¶Š.…z®Š¢²rz§Š²q®zŠþ¶£¢±





More information about the Snort-users mailing list