[Snort-users] Getting tuned finally!

Joel Esler eslerj at ...11827...
Wed Mar 11 17:19:05 EDT 2009

If you increase this number, obviously it will allow you to track more
sessions.  What is the placement of your sensor (inside or outside

On Wed, Mar 11, 2009 at 4:55 PM, Jefferson, Shawn <
Shawn.Jefferson at ...14448...> wrote:

> So I think I’m finally getting my snort sensor tuned so that I am
> achieving a balance between resources (not dropping any packets according to
> snorts.stats) and having some of the EmergingThreats rulesets enabled.  I do
> have some questions about the stream5 preprocessor though.
> I noticed that I was getting “faults” occasionally, and subsequent messages
> in the daemon.log about pruning sessions, so I increased the memcap limit
> until these went away.  Is this a “correct” action to take?
> Also, I noticed that my Open Sessions stats show open sessions to pretty
> much always be equal to max sessions, which is set at 8192.  Should I be
> increasing this, or is that normal behaviour?
> Thanks,
> Shawn

Joel Esler
T: 302-223-5974 (-) Gtalk: jesler at ...1935...