[Snort-users] Too little traffic being seen!
mkettler at ...4108...
Wed Apr 23 14:58:24 EDT 2003
Try sending snort a kill -USR1 and look in your syslog logfiles to see if
it's dropping packets. (yes, it WILL go to syslog, even if you're not using
syslog logging for snort alerts)

If it is, disable spp_portscan2 and spp_conversation and try that. They
chew up a lot of memory and add a lot of overhead for something that
doesn't work well.

You might also want to run "top" and make sure you're not using a ton of

At 02:02 PM 4/23/2003 -0700, Adrian.Mink at ...8989... wrote:
>and when I fire up ethereal I can see the raw traffic so I know the data
>is getting to the system. Help?
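
The check suggested in the reply above, as an added example that is not part of the original post: a shell function that reads syslog text after the `kill -USR1` and reports whether Snort is dropping packets. The wording of the summary line it matches and the two sample log lines are assumptions constructed for illustration; adjust the pattern to whatever your Snort version writes.

```shell
#!/bin/sh
# Added example (not from the original post).
# Step 1, run by hand:  kill -USR1 <snort-pid>
# Step 2: feed the syslog file Snort writes to into snort_drop_report.
#
# ASSUMPTION: the statistics summary in syslog looks like
#   "Snort analyzed A out of R packets, dropping D(P%) packets"

# Constructed sample lines (hostname, timestamps and counts are made up).
SAMPLE_DROPS='Apr 23 14:50:01 ids1 snort: Snort analyzed 5000 out of 5678 packets, dropping 678(11.941%) packets'
SAMPLE_CLEAN='Apr 23 14:55:01 ids1 snort: Snort analyzed 255 out of 255 packets, dropping 0(0.000%) packets'

# Reads syslog lines on stdin and prints
#   received=R analyzed=A dropped=D
# for the most recent summary line.
# Exit status: 0 = no drops, 1 = drops seen, 2 = no summary line found
# (for example, the signal never reached Snort).
snort_drop_report() {
    awk '
        /Snort analyzed [0-9]+ out of [0-9]+ packets, dropping [0-9]+/ {
            line = $0
            sub(/.*Snort analyzed /, "", line)   # strip the syslog prefix
            split(line, f, " ")
            a = f[1] + 0                         # packets analyzed
            r = f[4] + 0                         # packets received
            d = f[7] + 0                         # "678(11.941%)" -> 678
            found = 1
        }
        END {
            if (!found) exit 2
            printf "received=%d analyzed=%d dropped=%d\n", r, a, d
            if (d > 0) exit 1
        }'
}
```

A non-zero drop count is the case where the reply's next step applies: disable spp_portscan2 and spp_conversation, then repeat the check.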