[Snort-users] Improving performance by timing each rule?

Matt Jonkman jonkman at ...14019...
Fri Apr 13 11:58:05 EDT 2007


Yes, chapter 7 rules!  :)

6 is good, but it's no 7...

Seriously, I agree with you OlRoy. That book came out better than any
I'd ever read before, and I'm not just saying that because I wrote a
chapter. The other contributors to it (including Joel) put some
incredible info in there. Much easier to use and apply I think.

Glad you're enjoying it.

Matt

OlRoy OlRoy wrote:
> Thanks Joel, I'll do that.  I'm on chapter 5 now so I should be on 6
> later today.  So far I'm loving the book.  I've read a few books on
> Snort, and this one is turning out to be my favorite.
> 
> Matt, chapter 7 is one of the chapters that I'm looking forward to
> reading the most.  I've skimmed through it and can tell it will be a
> good read.
> 
> Thank you both for sharing your knowledge!
> 
> */Joel Esler <joel.esler at ...1935...>/* wrote:
> 
>     Ask, and ye shall receive. Read Chapter 6.
> 
>     J
> 
> 
>     On Fri, Apr 13, 2007 at 07:50:15AM -0700, it looks like OlRoy OlRoy
>     sent me:
>     >
>     > I'm reading Snort IDS and IPS Toolkit and in it they said that even
>     > the fastest computer could be incapable of monitoring a 56k link if
>     > you're using rules that were poorly written. Given that performance
>     > is important with Snort, and that rules affect performance, would it
>     > be helpful if Snort had a way of printing rules that are taking the
>     > longest time to process? A top 10 list would enable people to see
>     > which rules might need to be modified or removed.
> 
> 
> 
> 
>     +---------------------------------------------------------------------+
>     Joel Esler Security Consultant
>     gpg key: http://demo.sourcefire.com/jesler.pgp.key
>     +---------------------------------------------------------------------+
> 
> 

-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc





