[Snort-users] snort performance vs traffic

Erek Adams erek at ...577...
Tue Jul 9 09:33:08 EDT 2002

On Tue, 9 Jul 2002, Tim Prendergast wrote:

> I'm running Snort 1.8.6 (build 105) on Redhat 7.1, 2x9.1 scsi disks,
> P3-500 w/ 256mb memory (Dell Poweredge 1300).

Ok, to be honest--Try an upgrade to 1.8.7.  See if that makes a difference.
If that's not possible, here are some other factors:

	Number of rules--Have you tuned the rulesets for your network?
	$HOME_NET--What do you have defined for that?
	$EXTERNAL_NET--What's defined here as well?
	Regex--Are you trying to use any rules with regex in them?

If you can upgrade, keep a copy of your rules, snort.conf and snort binary.
That way, if you need to "roll back" quickly you can.

There were a few changes to snort.conf so you'll want to be sure to read the
new comments.  Diff is your friend!  :)


Erek Adams
