[Snort-users] Too little traffic being seen!

Matt Kettler mkettler at ...4108...
Wed Apr 23 14:58:24 EDT 2003

Try sending snort a kill -USR1 and look in your syslog logfiles to see if 
it's dropping packets. (yes, it WILL go to syslog, even if you're not using 
syslog logging for snort alerts)

If it is, disable spp_portscan2 and spp_conversation and try that. They 
chew up a lot of memory and add a lot of overhead for something that 
doesn't work well.

You might also want to run "top" and make sure you're not using a ton of 
swap memory.

At 02:02 PM 4/23/2003 -0700, Adrian.Mink at ...8989... wrote:
>and when I fire up ethereal I can see the raw traffic so I know the data 
>is getting to the system. Help?
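
Added example, not part of the original message: a shell sketch of the check described in the reply, which signals Snort with USR1 and then reads the drop summary back out of syslog. The summary line format, the function names and the sample log lines are assumptions; match the pattern to what your Snort build actually logs.

```shell
#!/bin/sh
# Assumed summary line (Snort 1.x/2.x style):
#   Snort analyzed A out of R packets, dropping D(P%) packets

# Read log lines on stdin; print "received analyzed dropped" for the
# most recent summary line, or nothing if no summary is present.
snort_drop_stats() {
    sed -n 's/.*Snort analyzed \([0-9][0-9]*\) out of \([0-9][0-9]*\) packets, dropping \([0-9][0-9]*\)(.*/\2 \1 \3/p' |
        tail -n 1
}

# Read log lines on stdin. Returns 0 if the latest summary shows drops,
# 1 if it shows none, 2 if no summary line was found at all.
snort_is_dropping() {
    stats=$(snort_drop_stats)
    [ -n "$stats" ] || return 2
    set -- $stats            # $1=received $2=analyzed $3=dropped
    [ "$3" -gt 0 ]
}

# Hypothetical wrapper: signal a running snort and inspect the log tail.
# $1 = snort PID, $2 = syslog file that receives snort's messages.
check_snort() {
    kill -USR1 "$1" || return 2
    sleep 2                  # give syslogd a moment to write the summary
    tail -n 200 "$2" | snort_is_dropping
}

# Constructed sample lines (not captured from a real sensor).
SAMPLE_DROPPING='Apr 23 14:50:01 ids snort: Snort analyzed 61234 out of 98765 packets, dropping 37531(38.000%) packets'
SAMPLE_CLEAN='Apr 23 14:55:01 ids snort: Snort analyzed 4200 out of 4200 packets, dropping 0(0.000%) packets'

# Demonstration on the constructed lines.
for line in "$SAMPLE_DROPPING" "$SAMPLE_CLEAN"; do
    if printf '%s\n' "$line" | snort_is_dropping; then
        echo "dropping: $(printf '%s\n' "$line" | snort_drop_stats)"
    else
        echo "no drops: $(printf '%s\n' "$line" | snort_drop_stats)"
    fi
done
```

A return of 2 from `check_snort` means the signal failed or no summary line appeared in the file you pointed it at, which usually means Snort's messages are going to a different syslog file.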

