[Snort-users] Snort rules questions
sloanm at ...468...
Tue Oct 2 21:16:03 EDT 2001
I built snort 1.8.1 with the new rules on linux 7.1. I started it and it ran fine for about 12 hours with many alerts. Now it will not alert but very rarely about once every 12 hours. I know there is more activity but for some reason snort does not or will not pick it up. Could it be my hardware. I am running it on an old pentium 100 Mhz box with 40 MB of RAM. Is this hardware grossly inadequate. I have been monitoring the space in RAM that snort is using and it remains around 15 % of the system RAM. I read the FAQ but I am hesistant to remove any of the rules unless absolutely necessary.
1. Is my RAM inadequate?
2. Does my Processor play a bigger role with snort?
3. If I need to remove some rules can anyone make any recommendations.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users