[Snort-users] one way Ethernet cable performance
erek at ...577...
Thu Feb 28 08:17:06 EST 2002
On Thu, 28 Feb 2002, Onie Camara wrote:
> Ok. Since the subject title contains "performance" :-)
> what would be a good command line parameter to run snort in a production
> Is mine good enough assuming I've got well-tuned rules?
> snort -d -b -q -o -k none -c /etc/snort/snort.conf -l /var/log/snort
Actually, you could drop the -d. Since the binary mode logs the entire
packet, you don't need to 'decode' it. Only when you did a 'snort -dvr
<file>' would it be of use.
More information about the Snort-users