[Snort-users] Snort 2.0 dropping packets

Bennett Todd bet at ...6163...
Sun Apr 20 10:24:06 EDT 2003

Configure your snort to use -A fast -b. If that doesn't make your
packet drops go away, then you'll need to do some real tuning;
because, if that doesn't make your packet drops go away, you
probably have to many alerts being fired that the cost of the
alerting and logging is overwhelming your systems. You'll need to
tighten things down so alerts aren't so frequent.

If -A fast -b does fix your packet losses, then you can either
building your reporting/monitoring/alerting/... around those
outputs, or you can switch to barnyard, making sure you run the
RDBMS on a different system from the snorts.

