[Snort-users] Rules optimization

Vuppala, Vijaybhasker (EM, GECIS) Vijaybhasker.Vuppala at ...9383...
Wed Jun 18 01:00:32 EDT 2003


I have used Snort ver 1.8.7 on Redhat Linux 7.3 with the default rules provided
for a pilot, and I see tons of alerts being generated. In about 40 hours' time
there are more than a lakh alerts and the database size is 1.9GB. I see that
most of the alerts are of no concern. I know a lot of optimization needs to be
done, but I'm worried I might disable real alerts.

If someone has already worked on this and can share their rules and the
snort.conf enabling the same, it would be great. Or else, please throw out some
guidelines as to how to go forward with this optimization.
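An added illustration of a first tuning step (not from the original post or the Snort project): tally alerts per signature from Snort's alert_fast log so the noisiest low-priority rules can be reviewed before anything is disabled. The log lines and local-range SIDs are constructed for this example, and the field layout assumes Snort's one-line alert_fast format.

```python
import re
from collections import Counter

# Snort "alert_fast" one-line format; classification and priority are optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:\s+(?P<cls>[^\]]*)\])?"
    r"(?:\s+\[Priority:\s+(?P<prio>\d+)\])?"
    r"\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)

# Constructed sample log (local-range SIDs 1000001+, not real Snort rule IDs).
SAMPLE_LOG = """\
06/18-00:12:01.112233  [**] [1:1000001:1] EXAMPLE ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
06/18-00:12:02.100000  [**] [1:1000001:1] EXAMPLE ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.6 -> 10.0.0.1
06/18-00:12:05.500000  [**] [1:1000002:2] EXAMPLE WEB-MISC probe [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 192.0.2.9:4021 -> 10.0.0.8:80
this line is not an alert and must be skipped
06/18-00:12:09.250000  [**] [1:1000003:1] EXAMPLE shellcode pattern [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 192.0.2.9:4022 -> 10.0.0.8:80
06/18-00:12:11.000000  [**] [1:1000002:2] EXAMPLE WEB-MISC probe [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 192.0.2.9:4023 -> 10.0.0.8:80
06/18-00:12:12.000000  [**] [1:1000001:1] EXAMPLE ICMP PING [**] [Classification: Misc activity] [Priority: 3] {ICMP} 10.0.0.5 -> 10.0.0.1
"""

def parse_alert(line):
    """Return a dict of alert fields, or None when the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["sid"] = int(d["sid"])
    d["prio"] = int(d["prio"]) if d["prio"] else None
    return d

def rank_signatures(log_text):
    """Count alerts per SID; returns [(sid, msg, prio, count, share)] busiest first."""
    counts, info = Counter(), {}
    for line in log_text.splitlines():
        a = parse_alert(line)
        if a:
            counts[a["sid"]] += 1
            info[a["sid"]] = (a["msg"], a["prio"])
    total = sum(counts.values())
    return [(sid, info[sid][0], info[sid][1], n, n / total)
            for sid, n in counts.most_common()]

def tuning_candidates(log_text, min_share=0.3):
    """SIDs to review first: high volume AND lowest priority (3); review, never disable blindly."""
    return [sid for sid, _msg, prio, _n, share in rank_signatures(log_text)
            if share >= min_share and prio == 3]
```

Run the ranking over a real alert file to see which few signatures produce most of the volume; only those that are both noisy and low priority are worth a closer look for tuning, and high-priority rules stay on regardless of volume.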

