[Snort-users] Snort rules questions

Sloan Miller sloanm at ...468...
Tue Oct 2 21:16:03 EDT 2001


I built snort 1.8.1 with the new rules on linux 7.1.  I started it and it ran fine for about 12 hours with many alerts.  Now it will not alert but very rarely about once every 12 hours.  I know there is more activity but for some reason snort does not or will not pick it up.  Could it be my hardware.  I am running it on an old pentium 100 Mhz box with 40 MB of RAM.  Is this hardware grossly inadequate.  I have been monitoring the space in RAM that snort is using and it remains around 15 % of the system RAM.  I read the FAQ but I am hesistant to remove any of the rules unless absolutely necessary.

1.  Is my RAM inadequate?
2.  Does my Processor play a bigger role with snort?
3.  If I need to remove some rules can anyone make any recommendations. 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011002/7f0fc214/attachment.html>


More information about the Snort-users mailing list