[Snort-users] snort dropping 48%
michael at ...3137...
Mon May 10 07:24:23 EDT 2004
On Fri, 2004-05-07 at 23:23, Chuck Holley wrote:
> I'm not sure exactly what I am supposed to tweak?? I am running the new
> snort, and have it pointing to the conf which is going to a MySQL database. Now
> I am not seeing the amount of traffic I thought I would be seeing,
> especially to my websites. So I think it is dropping packets due to traffic,
> but I can't be sure. This is the command I issue:
> snort -dc /etc/snort/snort.conf
> Would the fast mode switch help me? Should I use barnyard?
> Any help would be great
Let me get this straight: You are letting snort log to MySQL on its
own? That's one very effective way to kill snort performance.
Yes, you should install and use barnyard - there is no way you will get
snort to keep up with any sort of decent traffic speed if you expect it to
insert the alerts into the database as well...
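The change recommended in the reply above, sketched as a snort.conf fragment. This is an added example, not part of the original thread; the database credentials, spool file names and size limits are placeholder assumptions.

```conf
# /etc/snort/snort.conf (Snort 2.x output section)

# BEFORE: snort writes every alert to MySQL itself. Each INSERT happens
# inside the snort process, so while it waits on the database it is not
# reading packets, and the capture buffer overflows (dropped packets).
# Values below are placeholders, not taken from the thread.
# output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost

# AFTER: snort only appends compact binary records to local spool files.
# "limit" is the maximum spool file size in MB before a new file is started.
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

# The database output then moves into barnyard's own configuration.
# Barnyard runs as a separate process, reads the spool files from the
# snort log directory and performs the MySQL inserts out of band, so a
# slow database delays alert delivery instead of packet capture.
```

After the switch, the drop percentage snort reports in its packet statistics at exit is the figure to compare against the 48% from the subject line.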