[Snort-users] snort dropping 48%

Michael Boman michael at ...3137...
Mon May 10 07:24:23 EDT 2004


On Fri, 2004-05-07 at 23:23, Chuck Holley wrote:
> I'm not sure exactly what I am supposed to tweak??  I am running the new
> snort, and have it pointing to the conf which going to a MySQL database. Now
> I am not seeing the amount of traffic I thought I would be seeing,
> especially to my websites. So I think it is dropping packets due to traffic,
> but I cant be sure. This is the command I issue: 
> 
> snort -dc /etc/snort/snort.conf
> 
> would the fast mode switch help me?  should I use barnyard?
> 
> Any help would be great

Let me get this straight: You are letting snort log to MySQL on it's
own? That's one very effective way to kill snort performance.

Yes, you should install and use barnyard - there is no way you will get
snort keep up with any sort of decent traffic speed if you expect it to
insert the alerts into the database as well...

Best regards
 Michael Boman

-- 
Michael Boman
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20040510/9810082d/attachment.sig>


More information about the Snort-users mailing list