[Snort-users] Getting tuned finally!
Shawn.Jefferson at ...14448...
Wed Mar 11 16:55:36 EDT 2009
So I think I'm finally getting my snort sensor tuned so that I am achieving a balance between resources (not dropping any packets according to snorts.stats) and having some of the EmergingThreats rulesets enabled. I do have some questions about the stream5 preprocessor though.
I noticed that I was getting "faults" occasionally, and subsequent messages in the daemon.log about pruning sessions, so I increased the memcap limit until these went away. Is this a "correct" action to take?
Also, I noticed that my Open Sessions stats show open sessions to pretty much always be equal to max sessions, which is set at 8192. Should I be increasing this, or is that normal behaviour?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users