[Snort-users] Can I 'nice' snort process?
drajesh at ...3758...
Thu Jan 10 22:13:03 EST 2002
If you only want the signatures targeted at your web server you can think of
disabling other rules in your snort.Finger,smtp,sql,telnet,etc....But you won't
be able to detect the overall attacks targeted on your network.
Saad Kadhi wrote:
> On Thu, 2002-01-10 at 19:03, Tran, John wrote:
> > I'm running snort on one of my web servers as a local IDS (don't ask me why,
> > let's just go along w/ it for now..) and it takes up massive amounts of CPU
> > (40%), which can be expected considering it's a large amount of traffic. It
> > was suggested to me to run 'nice' on the process to throttle it's CPU usage,
> > but I'm pretty sure throttling snort will cause it to drop a lot of packets.
> > Is this true?
> yep at least to my field knowledge. But instead of nice-ing, you could
> log less stuff, tune up your kernel, etc...
> /Saad -- [bsdguy at ...4401...]
> [pgp keyid: 35592A6D http://pgp.mit.edu]
> # buy a geek-in-a-can, point nozzle at technical problem and spray
> # if desesperate degauss your screen. it might solve your pb as well
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users