[Snort-users] A few questions regarding Solaris

Robert Riskin freshbones at ...11827...
Mon Aug 30 07:54:07 EDT 2010


Hey everyone,

Just joined list, have been using Snort for the last year or so.  I chose to
run it on Solaris 10/8 because my HP box had Solaris drivers for the RAID
controller and special NICs I got.  I have a few questions regarding
SO_RULES.

Mainly, has anyone gotten them to compile on a Solaris build?  I'm not
successful at compiling them from scratch.  I pay the subscription fee and I
feel that I'm taking advantage of the subscription by not using the
SO_RULES.  Any help at all would be great!

Also I'm running it on a heavily trafficked VLAN, lots of server and
workstation traffic, to/from Internet, etc.  I know that some alerts are
being missed.  I have tuned out a lot of the snort rulesets and use emerging
markets and most of the malware rulesets.  I still find myself missing
alerts, for example I'll try and hit one of the RBN sites and sometimes
Snort will trigger an alert and sometimes it won't.  Is there anything I
can do to make sure it captures everything without missing anything?  My box
has 10GB of RAM and 500GB 10k hard drives.  So I'm not sure where the
bottleneck is.  I run snort 8.6 and barnyard 1 because 2 wouldn't compile
correctly for me on Solaris; I run both of these in daemon mode.

Any help is greatly appreciated!!

I was debating switching to a platform that has the SO_RULES ready to go,
but I'm concerned that HP won't have drivers for that platform . . . running
an HP ML370 G5

-Joe