[Snort-users] A general query regarding snort.

Robert D. Hughes rob at ...1932...
Sun Oct 28 06:42:05 EST 2001


Ahsley,

If you're running 1.8.1 or later, you should set your alert options
within the snort.conf, not on the command line. If you want to find out
how many rules snort is loading, run ./snort -T and you'll get the full
diagnostics output. Yes, loading more rules does cause snort to work
harder, but I'm running a pretty full rule set (1066 rules with all
pre-processors on) on a PII 333 and snort uses relatively little
processor given that I have a multi-megabit connection. On my FreeBSD
box, natd actually takes up more time.



-----Original Message-----
From:	ashley thomas
Sent:	Fri 10/26/2001 8:53 PM
To:	snort-users at lists.sourceforge.net
Cc:	
Subject:	[Snort-users] A general query regarding snort.
hi,

When snort is run in IDS mode which is the most usual and fast way to
run ?
I am running as:

snort -b -A fast -c snort.conf

I want snort to run as fast as possible.

What is the average number of rules that users loads on snort ? As the
number of 
rules is increased, load on snort increases ,right ?

Any information is welcome.

thanks a lot
ashley


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users



-------------- next part --------------
A non-text attachment was scrubbed...
Name: winmail.dat
Type: application/ms-tnef
Size: 3147 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20011028/d5b1cfb7/attachment.bin>


More information about the Snort-users mailing list