[Snort-users] Snort newbie

Chris Strzelczyk chris at ...11715...
Tue Apr 27 07:38:19 EDT 2004


Hello,

I am as green as they come to snort so I hope this question isn't too 
annoying.

I have a low traffic FreeBSD server that is on the same switch as two 
high traffic servers.  I have installed snort and snortsnarf on this 
server.  When I fire up Snort, my MRTG graphs go bonkers since I am 
listening to all traffic on the same switch.  This slows my little 
server down to a snail's crawl.  Is the only real way to fix this 
involve installing a separate switch for this machine to listen on.  I 
have been through the documentation and I am not clear on how to make 
Snort listen and record only the traffic that is relevant to it.  I 
appreciate any help you can give me on this.

Thank You.

-cs





More information about the Snort-users mailing list