[Snort-users] Configuration tradeoffs

Joel Esler eslerj at ...11827...
Wed Aug 27 13:12:37 EDT 2008


How long have you had this running?

J

On Aug 27, 2008, at 12:14 PM, Stewart L wrote:

> So,
>
> I sat through a Webinar on common mistakes made when setting up  
> Snort.   They mentioned that http_inspect needs to be configured to  
> reduce false positives.
>
> I have my global configuration, I have my default server  
> configuration, then I added about 40 server configuration lines for  
> my Linux Servers.
>
> I'm seeing more packet loss since I configured all this up.   Went  
> from about 0.1% loss to more than 2%.
>
> Am I doing something incorrect here? Or is this expected?
>
> -- 
> Stewart
> --
> You only lose what you cling to.
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's  
> challenge
> Build the coolest Linux based applications with Moblin SDK & win  
> great prizes
> Grand prize is a trip for two to an Open Source event anywhere in  
> the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


--
Joel Esler
  http://blog.joelesler.nethttp://www.dearcupertino.com
[m]



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20080827/792768b9/attachment.html>


More information about the Snort-users mailing list