[Snort-users] Snort rules questions
jsage at ...2022...
Tue Oct 2 22:49:02 EDT 2001
I'm running snort-1.8.1-RELEASE on RHL 6.2 on a Pentium 150 with 96mb
ram, -b binary logging all traffic on my external interface, a low
top shows snort at 1.4% memory usage.
This box is also running an ipchains-based firewall, a caching-only
nameserver, apache, emacs... but I'm *not* running X..
What sort of connection are you watching?
What else is running? X? Get rid of it; the cli is your friend.
How many rules?
Snort sez I've got about 95...
FinchHaven, Vashon Island, WA, USA
mailto:jsage at ...2022...
"The web is so, like, five minutes ago..."
Sloan Miller wrote:
> I built snort 1.8.1 with the new rules on linux 7.1. I started it and
> it ran fine for about 12 hours with many alerts. Now it will not alert
> but very rarely about once every 12 hours. I know there is more
> activity but for some reason snort does not or will not pick it up.
> Could it be my hardware. I am running it on an old pentium 100 Mhz box
> with 40 MB of RAM. Is this hardware grossly inadequate. I have been
> monitoring the space in RAM that snort is using and it remains around 15
> % of the system RAM. I read the FAQ but I am hesistant to remove any of
> the rules unless absolutely necessary.
> 1. Is my RAM inadequate?
> 2. Does my Processor play a bigger role with snort?
> 3. If I need to remove some rules can anyone make any recommendations.
More information about the Snort-users