[Snort-users] Getting tuned finally!

Jefferson, Shawn Shawn.Jefferson at ...14448...
Wed Mar 11 16:55:36 EDT 2009

So I think I'm finally getting my snort sensor tuned so that I am achieving a balance between resources (not dropping any packets according to snorts.stats) and having some of the EmergingThreats rulesets enabled.  I do have some questions about the stream5 preprocessor though.

I noticed that I was getting "faults" occasionally, and subsequent messages in the daemon.log about pruning sessions, so I increased the memcap limit until these went away.  Is this a "correct" action to take?

Also, I noticed that my Open Sessions stats show open sessions to pretty much always be equal to max sessions, which is set at 8192.  Should I be increasing this, or is that normal behaviour?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20090311/cd40a857/attachment.html>

More information about the Snort-users mailing list