[Snort-users] snort performance vs traffic
erek at ...577...
Tue Jul 9 09:33:08 EDT 2002
On Tue, 9 Jul 2002, Tim Prendergast wrote:

> I'm running Snort 1.8.6 (build 105) on Redhat 7.1, 2x9.1 scsi disks,
> P3-500 w/ 256mb memory (Dell Poweredge 1300).

Ok, to be honest--Try an upgrade to 1.8.7. See if that makes a difference.
If that's not possible, here are some other factors:

Number of rules--Have you tuned the rulesets for your network?
$HOME_NET--What do you have defined for that?
$EXTERNAL_NET--What's defined here as well?
Regex--Are you trying to use any rules with regex in them?

If you can upgrade, keep a copy of your rules, snort.conf and snort binary.
That way, if you need to "roll back" quickly you can.

There were a few changes to snort.conf so you'll want to be sure to read the
new comments. Diff is your friend! :)
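
The tuning factors listed in the reply above (rule count, $HOME_NET, $EXTERNAL_NET, regex rules) can be read out of a configuration with a short script. This is an added example, not part of the original post or of Snort itself; the sample snort.conf and rules text are constructed, the audit() helper is hypothetical, and it assumes 1.8-era syntax: "var NAME value", "include file" and a bare "regex;" rule option.

```python
import re

ACTIONS = {"alert", "log", "pass", "activate", "dynamic"}

# Constructed sample files in Snort 1.8-style syntax (not from the original post).
SAMPLE_CONF = """\
var HOME_NET any
var EXTERNAL_NET any
include local.rules
"""
SAMPLE_FILES = {"local.rules": """\
# alert tcp any any -> any 80 (msg:"disabled rule";)
alert tcp $EXTERNAL_NET any -> $HOME_NET 80 (msg:"cgi probe"; content:"/cgi-bin/ph*"; regex;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"ftp root login"; content:"USER root";)
"""}

def audit(conf_text, files):
    """Summarise the tuning factors: variables, active rule count, regex rules."""
    report = {"vars": {}, "rules": 0, "regex_rules": [], "notes": []}

    def scan(text):
        for raw in text.splitlines():
            parts = raw.strip().split(None, 2)
            if not parts or parts[0].startswith("#"):
                continue  # blank line or commented-out entry
            if parts[0] == "var" and len(parts) == 3:
                report["vars"][parts[1]] = parts[2].strip()
            elif parts[0] == "include" and len(parts) >= 2:
                # `files` maps include names to contents; read from disk in real use.
                scan(files.get(parts[1], ""))
            elif parts[0] in ACTIONS:
                report["rules"] += 1
                if re.search(r"[(;]\s*regex\s*;", raw):
                    msg = re.search(r'msg:\s*"([^"]*)"', raw)
                    report["regex_rules"].append(msg.group(1) if msg else raw.strip())

    scan(conf_text)
    for name in ("HOME_NET", "EXTERNAL_NET"):
        value = report["vars"].get(name)
        if value is None:
            report["notes"].append(f"{name} is not defined")
        elif value == "any":
            report["notes"].append(f"{name} is 'any': rules using it match every address")
    return report

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONF, SAMPLE_FILES).items():
        print(f"{key}: {value}")
```

Running the same summary against the saved copy of snort.conf and the upgraded one gives a quick comparison alongside a plain diff.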