[Snort-users] Snort dropping packets

KS kanwaljeet at ...10300...
Mon Feb 2 09:37:15 EST 2004


I have a Dual processor Dell poweredge 1600SC box having intel Xeon 2Ghz
processors and 128 Meg Ram and it is running snort win32 version.  I can see
a lot of alerts on acid console and cpu utlization of the box remains within
5 %.

I have snort running in service mode  with following comand line through IDS

c:\Snort\bin\snort.exe -c "c:\Snort\etc\snort.conf" -l "c:\Snort\log" -i 1

Quite interestingly When i run snort in VERBOSE mode using   snort -v -i1 on
the command prompt, i can see snort logging packets and  when i stop it, it
shows dropped packets and cpu utlization of the box, when i run snort in
verbose mode, goes to 45- 50%


Snort analyzed 9094 out of 10327 packets,
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ dropping 1233(11.306%) packets

Is it possible that snort is dropping packets only in verbose mode and not
otherwise ?

Appreciate any help on this.

Below are few lines taken from snort website :

" If Snort is going to be used in a long term way as an IDS, the -v switch
should be left off the command line for the sake of speed. The screen is a
slow place to write data to, and packets can be dropped while writing to the
display. "


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040202/b0f9fecc/attachment.html>

More information about the Snort-users mailing list