[Snort-users] one way Ethernet cable performance

Erek Adams erek at ...577...
Thu Feb 28 08:17:06 EST 2002


On Thu, 28 Feb 2002, Onie Camara wrote:

> Ok. Since the subject title contains "performance" :-)
> what would be a good command line parameter to run snort in a production
> environment?
>
> Is mine good enough assuming I've got well-tuned rules?
>
> snort -d -b -q -o -k none -c /etc/snort/snort.conf -l /var/log/snort

Actually, you could drop the -d.  Since the binary mode logs the entire
packet, you don't need to 'decode' it.  Only when you did a 'snort -dvr
<file>' would it be of use.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net




