[Snort-users] How to determine that the Snort is ready to capture the traffic?

Joel Esler (jesler) jesler at ...589...
Tue Jun 14 18:35:12 EDT 2016


I think the first question I would ask… Why are you loading 50k rules?



--
Joel Esler
Manager, Talos Group




> On Jun 14, 2016, at 7:17 AM, Andrei_1980 <andrei_1980 at ...1975...> wrote:
> 
> Hi all.
> 
> I have a question.
> I use Snort 2.9.8.0 with nearly 50k rules. On a slow PC, it takes up to 1 min to completely load all rules and for Snort to be ready to process traffic. Sometimes more, sometimes less. When Snort runs in background mode, I need to determine exactly the time when Snort becomes ready to process traffic. Is there any way to determine that moment (when Snort is ready to capture traffic)?
> P.S. For now I use a simple way: grep stdout until some text pattern appears. But it would be wonderful if Snort could announce a readiness event.
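Added example, not part of the original thread and not Snort project code: a shell helper for the "grep the output until a pattern appears" approach described in the question, with a timeout and a check that the process has not died during rule loading. The function name, the log path and the readiness string are assumptions; Snort 2.9.x prints a "Commencing packet processing" line when it starts inspecting, but confirm the exact text against your own build's output.

```shell
#!/bin/sh
# wait_for_snort_ready LOGFILE [TIMEOUT_SECONDS] [PID]
#   LOGFILE: wherever Snort's startup messages end up (redirected
#            stdout/stderr, or the syslog file when run with -D).
#   Returns 0 when the readiness line is present,
#           1 on timeout,
#           2 if PID was given and that process exited first
#             (for example, a rule failed to parse).

# Assumption: readiness marker printed by Snort 2.9.x; override via env.
READY_PATTERN="${READY_PATTERN:-Commencing packet processing}"

wait_for_snort_ready() {
    _log="$1"
    _timeout="${2:-120}"
    _pid="${3:-}"
    _deadline=$(( $(date +%s) + _timeout ))

    while [ "$(date +%s)" -lt "$_deadline" ]; do
        # Fixed-string match so the pattern is never treated as a regex.
        if [ -r "$_log" ] && grep -qF -- "$READY_PATTERN" "$_log"; then
            return 0
        fi
        # Stop waiting early if the sensor process is gone: traffic is
        # not being inspected and no readiness line will ever arrive.
        if [ -n "$_pid" ] && ! kill -0 "$_pid" 2>/dev/null; then
            return 2
        fi
        sleep 1
    done
    return 1
}

# Typical use (paths and interface are hypothetical):
#   snort -c /etc/snort/snort.conf -i eth0 > /var/log/snort/startup.log 2>&1 &
#   wait_for_snort_ready /var/log/snort/startup.log 180 $! || exit 1
#   ... only now start the traffic that must be inspected ...
```

Treating the timeout and early-exit cases as failures keeps a slow or broken start from being mistaken for a sensor that is already inspecting traffic.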
