[Snort-users] 158 Meg snort?

Frank la at ...4425...
Thu Jan 10 12:49:05 EST 2002


I found the problem. Wrong preprocessors selected:

I disabled:

preprocessor defrag
preprocessor stream2: timeout 10, ports 21 23 80 110 143, maxbytes 16384

And enabled:

preprocessor frag2: 16777216, 10
preprocessor stream4: timeout 10, maxbytes 16384


And the problem was solved.

Frank




On Wed, 9 Jan 2002, Frank wrote:
> 
> I've run snort for two days on a very busy sensor. It now shows 158 Meg
> size. When I restart it's 14 meg.
> 
> 
> System info:
> 
> Snort compiled with mysql and snmp support.
> 
> snort -V
> 
> -*> Snort! <*-
> Version 1.8.3 (Build 88)
> By Martin Roesch (roesch at ...1935..., www.snort.org)
> 
> 
> Linux 2.4.7-10smp #1 SMP Thu Sep 6 17:09:31 EDT 2001 i686 unknown





More information about the Snort-users mailing list