[Snort-users] Snort rules questions
sloanm at ...468...
Tue Oct 2 23:19:06 EDT 2001
Sorry about that I should have mentioned that I am running snort on a DSL
connection. This is my home network. Not a great deal of traffic. The box
is not running X, it was running apache but I disabled it to free up more
RAM to see if there was an effect. I am running the full set of snort rules
from snort.org If I remember correctly it is over 100 about 108 or so.
----- Original Message -----
From: "John Sage" <jsage at ...2022...>
To: "Sloan Miller" <sloanm at ...468...>
Cc: "Snort-Userst at ...1973... Sourceforge. Net"
<snort-users at lists.sourceforge.net>
Sent: Tuesday, October 02, 2001 10:47 PM
Subject: Re: [Snort-users] Snort rules questions
> I'm running snort-1.8.1-RELEASE on RHL 6.2 on a Pentium 150 with 96mb
> ram, -b binary logging all traffic on my external interface, a low
> volume dialup.
> top shows snort at 1.4% memory usage.
> This box is also running an ipchains-based firewall, a caching-only
> nameserver, apache, emacs... but I'm *not* running X..
> What sort of connection are you watching?
> What else is running? X? Get rid of it; the cli is your friend.
> How many rules?
> Snort sez I've got about 95...
> - John
> John Sage
> FinchHaven, Vashon Island, WA, USA
> mailto:jsage at ...2022...
> "The web is so, like, five minutes ago..."
> Sloan Miller wrote:
> > I built snort 1.8.1 with the new rules on linux 7.1. I started it and
> > it ran fine for about 12 hours with many alerts. Now it will not alert
> > but very rarely about once every 12 hours. I know there is more
> > activity but for some reason snort does not or will not pick it up.
> > Could it be my hardware. I am running it on an old pentium 100 Mhz box
> > with 40 MB of RAM. Is this hardware grossly inadequate. I have been
> > monitoring the space in RAM that snort is using and it remains around 15
> > % of the system RAM. I read the FAQ but I am hesistant to remove any of
> > the rules unless absolutely necessary.
> > 1. Is my RAM inadequate?
> > 2. Does my Processor play a bigger role with snort?
> > 3. If I need to remove some rules can anyone make any recommendations.
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users