[Snort-users] snort dropping 48%

SN ORT snort_on_acid at ...131...
Thu May 6 14:13:10 EDT 2004

Might I suggest using FreeBSD? RH will use all of the
memory you give it and libcap is not the best
performer. You can also try getting a bigger processor
and/or tuning your rules, starting with disabling the
content-based rules, narrowing down your



>Message: 4
>Subject: RE: [Snort-users] snort dropping 48%
>Date: Thu, 6 May 2004 14:02:59 -0400
>From: "Sheahan, Paul" <Paul.Sheahan at ...2218...>
>To: <snort-users at lists.sourceforge.net>
>Cc: "snort user" <snortuser at ...125...>

>I still don't have an answer either. 49% of packets being dropped is
>absolutely ridiculous.

>I recently ran TOP to check memory while Snort was running my
>content-based rules and noticed that even though I had 1 gig of ram in
>my server, there was almost no free memory. So I upgraded to 4 gig of
>RAM figuring Snort just needed more RAM, but the same problem is still
>occurring, 49% of packets are still being dropped.

>Should I take a look at libpcap? I understand there are multiple
>versions. What version should I be running?

