[Snort-users] Improving overall performance of snort and stopping those drops

Edin Dizdarevic edin.dizdarevic at ...7509...
Wed Nov 5 03:46:04 EST 2003


Scott Zawalski schrieb:
> I am using snort to collect packets on a gig connection that gets on 
> average 1.3 tB/s.

[...]

> Any tips or tricks are greatly appreciated!
> 
> Thank you,
> Scott

- Have you tried increasing the number of the ring buffer cells like
   PCAP_FRAMES=max?

- I suppose your ruleset is already optimized

- Deactivate preprocessor frag2 if you're behind a defragmenting
   firewall (Netfilter always defragments if you turn on conntrack)

- Blend out the encrypted traffic (SSL/HTTPS/IMAPS/POP3S)

Regards,
Edin

-- 
Edin Dizdarevic





More information about the Snort-users mailing list