[Snort-users] snort optimization

Martin Roesch roesch at ...421...
Thu Jan 18 01:42:32 EST 2001


Check out the USAGE file, it has some hints for high performance
configurations.  One thing you should do to speed up what you've got
there is to use the '-A fast' switch instead of 'full'.

Snortfull.conf includes just about everything that's in the lib files in
the distro.  You can feel free to hand edit the file to add any
functionality that you'd like after you've downloaded it, we don't mind.
:)

   -Marty

Deja User wrote:
> 
> What is the fastest, most complete way to run snort?  I have a busy network segment that I'm spanning and sending to the snort IDS.
> I downloaded the complete rule file from snort.org "snortfull.conf"
> So here is what I have
> snort -A full -b -c snortfull.com -i eth0 -l /LOG/snort
> 
> Is there anything I can do to make it faster and not drop any traffic?
> Also, the snortfull.conf does not include any library references, is there anything I can do to make my capture more complete?
> 
> Thanks,
> Mohammed.
> 
> ------------------------------------------------------------
> --== Sent via Deja.com ==--
> http://www.deja.com/
> 

--
Martin Roesch
roesch at ...421...
http://www.snort.org



