[Snort-users] Second Snort instance killing performance
protocoljunkie at ...11827...
Mon Sep 12 10:21:23 EDT 2005
Metasploit is good for testing sigs--> http://www.metasploit.com
On 9/12/05, snort sara <snortster at ...11827...> wrote:
> Hi all,
> I need t show a demonstratoin of snort by showing some kinds of intrusuins
> that snort alerts on, do any one has a good testing tools to test snort?
> any reply will be appreciated.
> On 9/7/05, Paul Melson <pmelson at ...11827...> wrote:
> > I've just run into an interesting situation with one of my Snort
> > sensors.
> > I've added another interface attached to a new span port to my existing
> > sensor box and I want to run a second Snort process for that interface.
> > Same binary, same logs, but different config file and rule set for each
> > process. If either the original process monitoring eth1 or the new
> > process
> > monitoring eth2 are running, the load average is about 0.3-0.4. If both
> > processes run simultaneously, load jumps to 2.0+ and performance
> > suffers,
> > packets drop, etc.
> > The server is a Proliant G4 running RHEL4 with dual Xeon 3GHz CPUs, 2GB
> > RAM,
> > Ultra320 disks, etc. so it shouldn't be choking on this relatively small
> > amount of traffic. Snort version is Version 2.3.2 (Build 12).
> > Anybody run into anything like this before? The problem seems to be
> > specific to running two Snort processes, but I'm not sure where to
> > troubleshoot next.
> > PaulM
> > -------------------------------------------------------
> > SF.Net email is Sponsored by the Better Software Conference & EXPO
> > September 19-22, 2005 * San Francisco, CA * Development Lifecycle
> > Practices
> > Agile & Plan-Driven Development * Managing Projects & Teams * Testing &
> > QA
> > Security * Process Improvement & Measurement *
> > http://www.sqe.com/bsce5sf
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
May the packets be with you.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users