[Snort-users] Configuration tradeoffs

Stewart L stewartl42 at ...11827...
Wed Aug 27 12:14:13 EDT 2008


So,

I sat through a Webinar on common mistakes made when setting up Snort.
They mentioned that http_inspect needs to be configured to reduce false
positives.

I have my global configuration, I have my default server configuration, then
I added about 40 server configuration lines for my Linux Servers.

I'm seeing more packet loss since I configured all this up.   Went from
about 0.1% loss to more than 2%.

Am I doing something incorrect here? Or is this expected?

-- 
Stewart
--
You only lose what you cling to.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20080827/2e721428/attachment.html>


More information about the Snort-users mailing list