[Snort-users] redundant rules

Watson, Ed ewatson at ...2004...
Thu May 10 16:27:14 EDT 2001

The default rules don't seem to pick up port scans, even obvious ones. I
thought if I used the vision.rules, that would be more effective, and it
hasn't. Could redundant rules cause it to not log these events?
1166 rules read...
1166 Option Chains linked into 257 Chain Headers
0 Dynamic rules
      Dell 1550
        dual PIII 833
        1gb ram
        100baseTX FDX
    Resource usage
        Mem .6%
        CPU  .1%

Ed Watson

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20010510/4dc4035b/attachment.html>

More information about the Snort-users mailing list