[Snort-users] RE : Re: RE : Re: high packet loss - low throughput

waldo kitty wkitty42 at ...14940...
Fri Jul 19 14:06:25 EDT 2013


On 7/19/2013 09:36, Joel Esler wrote:
> On Jul 19, 2013, at 9:27 AM, rmkml <rmkml at ...1855... <mailto:rmkml at ...1855...>> wrote:
>
>> 3500 rules is high, can you run only with recommended rulesets please? (
>> Around 500 - 1000 rules)
>
> I don’t think that’s the problem. 3500 isn’t a high number of rules. 10000 is.

agreed...

FWIW: counting all the rules in the (VRT managed) Community (VRTC), VRT 
Registered (VRTR), and ET Open (ETO) sets... by default there are...

256   VRTC rules enabled
2358  VRTC rules disabled
=========================
2614  VRTC rules total


3850  VRTR rules enabled
13387 VRTR rules disbled
========================
17237 VRTR rules total


16320 ETO rules enabled
2669  ETO rules disabled
========================
18989 ETO rules total


20442 total enabled
18414 total disabled
====================
38856 total rules


NOTE: "by default" means enabled or disabled out of the box by the 
vendor/maintainer...

i'll leave the count of rules contained in the VRT Subscriber (VRTS) or ET Pro 
(ETP) rules sets to others ;)

-- 
NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.




More information about the Snort-users mailing list