Snort mailing list archives
RE: snort 2.0.1
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 07 Aug 2003 17:23:30 -0400
At 04:43 PM 8/6/2003 -0400, Luo, Philip wrote:
> My question is I did not see this returning before, is there a problem?
You should see packet statistics every time you exit snort when you start it in non-daemon mode. If you don't see all that, you've got problems.
> What would be the reason I lost many packets?
In short, your system is too slow for the snort setup you've got. Check to see if you're digging into your swapfile. If you are, try turning off some memory intensive features.
It may also be that your CPU isn't fast enough to keep up, in which case you need to make your configuration less CPU intensive.
The spp_portscan2/spp_conversation pair is VERY memory and CPU intensive, so if you have those on you might consider trying it without them. From there you can start tweaking and see how it goes.
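The two checks suggested in the reply above (is the box swapping, and are the portscan2/conversation preprocessors enabled), as an added shell example that is not part of the original thread or the Snort project. It assumes a Linux host exposing the `pswpin`/`pswpout` counters in `/proc/vmstat` and the `preprocessor <name>[: options]` directive syntax in snort.conf; the function names are hypothetical and the sample data in `demo` is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux /proc/vmstat and the
# Snort 2.0 "preprocessor <name>[: options]" directive syntax.

# Sum of pages swapped in and out in a /proc/vmstat snapshot file.
swap_pages() {
    awk '$1 == "pswpin" || $1 == "pswpout" { n += $2 } END { print n + 0 }' "$1"
}

# Exit 0 if swap counters grew between two snapshots (the box was paging).
swapping_between() {
    [ "$(swap_pages "$2")" -gt "$(swap_pages "$1")" ]
}

# Print each enabled (uncommented) portscan2/conversation preprocessor in CONF.
heavy_preprocs() {
    awk '$1 == "preprocessor" {
             name = $2; sub(/:.*/, "", name)
             if (name == "portscan2" || name == "conversation") print name
         }' "$1"
}

# Live check: snapshot swap counters SECS apart while snort is running.
# CONF and SECS are caller-supplied; nothing here is a Snort default path.
check_host() {
    conf=$1; secs=${2:-10}
    tmp=$(mktemp -d) || return 1
    cat /proc/vmstat > "$tmp/before"; sleep "$secs"; cat /proc/vmstat > "$tmp/after"
    if swapping_between "$tmp/before" "$tmp/after"; then
        echo "swap activity in last ${secs}s: memory pressure"
        heavy_preprocs "$conf" | sed 's/^/  candidate to disable: /'
    else
        echo "no swap activity in last ${secs}s: look at CPU load instead"
    fi
    rm -rf "$tmp"
}

# Demo on constructed snapshots and a constructed config (no live system needed).
demo() {
    d=$(mktemp -d) || return 1
    printf 'pswpin 10\npswpout 20\n' > "$d/before"
    printf 'pswpin 15\npswpout 45\n' > "$d/after"
    printf '# preprocessor portscan2\npreprocessor conversation\n' > "$d/snort.conf"
    swapping_between "$d/before" "$d/after" && heavy_preprocs "$d/snort.conf"
    rm -rf "$d"
}
```

Call `check_host` with the path to your own snort.conf while the sensor is under its normal traffic load; a quiet interval will report no swap activity even on an undersized box.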