[Snort-users] A few questions regarding Solaris
freshbones at ...11827...
Mon Aug 30 07:54:07 EDT 2010
Just joined list, have been using Snort for the last year or so. I chose to
run it on Solaris 10/8 because my HP box had Solaris drivers for the RAID
controller and special NICs I got. I have a few questions regarding
Mainly, has anyone gotten them to compile on a Solaris build? I'm not
successful at compiling them from scratch. I pay the subscription fee and I
feel that I'm taking advantage of the subscription by not using the
SO_RULES. Any help at all would be great!
Also, I'm running it on a heavily trafficked VLAN, lots of server and
workstation traffic, to/from Internet, etc. I know that some alerts are
being missed. I have tuned out a lot of the snort rulesets and use emerging
markets and most of the malware rulesets. I still find myself missing
alerts; for example, I'll try and hit one of the RBN sites and sometimes
Snort will trigger an alert and sometimes it won't. Is there anything I
can do to make sure it captures everything without missing anything? My box
has 10GB of RAM and 500GB 10k hard drives, so I'm not sure where the
bottleneck is. I run snort 8.6 and barnyard 1 because 2 wouldn't compile
correctly for me on Solaris; I run both of these in daemon mode.
Any help is greatly appreciated!!
I was debating switching to a platform that has the SO_RULES ready to go,
but I'm concerned that HP won't have drivers for that platform . . . running
an HP ML370 G5.