[Snort-users] Alert payloads not matching alert rules
Jason.Haar at ...294...
Wed Nov 22 15:21:51 EST 2006
Joel Esler wrote:
> Are you dropping any packets? It seems that with 3 processes of Snort, on the same box, with only 2 Gigs of RAM trying to analyze that much traffic, you are probably dropping packets in addition to Snort overwriting its own memory.
Can you explain what you mean by snort overwriting it's own memory? How
is that possible? I thought standard OS process separation would stop
that? (I am assuming you meant having >1 snort process leads to one
snort process "corrupting" another)
I also routinely run multiple snort instances - this comes as a bit of a
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Snort-users