[Snort-users] snort-1.8.7 and alert file
erek at ...577...
Tue Jul 30 08:19:02 EDT 2002
On Tue, 30 Jul 2002 bthaler at ...2720... wrote:

> OK. Now my snort.conf has this:
>
> output log_null
> output log_unified: filename snort.log, limit 128
>
> And logging is back, but so is the alert file. Sorry if I'm missing
> something really basic here.

Hrm.... No, I think you're doing everything you should be.... This looks
like it needs to be played with in the test lab.

As a kludge, you could set the log dir to be /dev/null.

> As far as my network utilization, I'm using about 30Mbit of a 45Mbit pipe.

Hrm... That's not an insane amount. Things could/should be working better...
Hardware-wise, do you have enough? One thing you might also want to consider
is making sure you're on SCSI disks. IDE tries, but it just can't cut it on
high volume (I/O) applications.

Also, make sure you are using CIDR on your HOME_NET. Make sure that the home
net is in as few blocks as possible. IOW, use a /29 instead of 8 /32's.

Hope that helps some!
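
Added example, not part of the original message: a Python sketch of the HOME_NET advice above, collapsing a literal address list into the fewest CIDR blocks. The function names, the sample addresses (documentation ranges) and the bracketed "var HOME_NET [a,b]" list form are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample (documentation address ranges): eight hosts listed
# one by one plus an unrelated /24, as a HOME_NET might grow over time.
SAMPLE_LINE = (
    "var HOME_NET [192.0.2.8/32,192.0.2.9/32,192.0.2.10/32,192.0.2.11/32,"
    "192.0.2.12/32,192.0.2.13/32,192.0.2.14/32,192.0.2.15/32,198.51.100.0/24]"
)

# Only literal address lists are accepted; "any" or "$OTHER_VAR" are rejected.
HOME_NET_RE = re.compile(r"^\s*var\s+HOME_NET\s+\[?([0-9./,]+)\]?\s*$")


def parse_home_net(line):
    """Return the IPv4 networks named on a 'var HOME_NET ...' line."""
    match = HOME_NET_RE.match(line)
    if match is None:
        raise ValueError("not a literal HOME_NET address list: %r" % line)
    # strict=False masks off stray host bits (192.0.2.9/29 -> 192.0.2.8/29).
    return [ipaddress.IPv4Network(entry, strict=False)
            for entry in match.group(1).split(",") if entry]


def aggregate(networks):
    """Merge adjacent and overlapping networks into the fewest CIDR blocks."""
    return list(ipaddress.collapse_addresses(networks))


def format_home_net(networks):
    """Render the networks back into a HOME_NET line."""
    blocks = ",".join(str(net) for net in networks)
    # Assumption: a single block is written bare, several in brackets.
    return "var HOME_NET " + (blocks if len(networks) == 1 else "[%s]" % blocks)


def tidy_home_net(line):
    """Parse, aggregate and re-render one HOME_NET line."""
    return format_home_net(aggregate(parse_home_net(line)))


if __name__ == "__main__":
    before = parse_home_net(SAMPLE_LINE)
    after = aggregate(before)
    print("%d entries -> %d blocks" % (len(before), len(after)))
    print(format_home_net(after))
```

Hosts that do not fall on a block boundary cannot be merged without widening HOME_NET, so the output may still contain several small blocks.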