Snort mailing list archives

Re: Same config, FreeBSD vs OpenBSD, WAY different results


From: Erek Adams <erek () snort org>
Date: Sun, 12 Oct 2003 17:51:56 -0400 (EDT)

On Sun, 12 Oct 2003, Jim Brown wrote:

Re: Version 2.0.2 (Build 92)


The two systems listed have the same config:

The OpenBSD system routinely logs more than 5000 entries while
the FreeBSD system logs less than 600 entries.

The two systems are on the same subnet.

Can anyone tell me why OpenBSD logs far more snort entries with
the same config???

[...snip...]

Good info.  Glad someone took note. :)

Well....  The one thing you don't tell us is the hardware design of your
network.  If these are off of the same set of mirror/SPAN ports, then
something is odd.  If they are both plugged into the same 'auto sensing
hub' then make sure both are running at the same speed and see Snort FAQ
#6.21 [0].  If they are on an unmanaged switch, then you're only seeing the
traffic headed to each box.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.snort.org/docs/FAQ.txt
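
One way to test the unmanaged-switch explanation above, as an added example that is not part of the original message: classify each sensor's alerts by whether the sensor itself is an endpoint of the flow. It assumes Snort's one-line "fast" alert format; the addresses, rule names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Snort "fast" alert tail: {PROTO} src[:port] -> dst[:port]
FAST_RE = re.compile(
    r"\{[^}]+\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
    r"\s+->\s+(?P<dst>\d+\.\d+\.\d+\.\d+)(?::\d+)?"
)

def visibility(alert_lines, sensor_ip, broadcast_ips=("255.255.255.255",)):
    """Count alerts by whether the sensor is an endpoint of the flow.
    'own': sensor is src or dst; 'broadcast': dst is a broadcast address;
    'third_party': neither, so the packet was only visible through a hub
    or mirror/SPAN port; 'unparsed': line did not match the fast format.
    """
    counts = Counter()
    for line in alert_lines:
        m = FAST_RE.search(line)
        if not m:
            counts["unparsed"] += 1
        elif sensor_ip in (m["src"], m["dst"]):
            counts["own"] += 1
        elif m["dst"] in broadcast_ips:
            counts["broadcast"] += 1
        else:
            counts["third_party"] += 1
    return counts

def sees_only_own_traffic(counts):
    """True when every parsed alert was to/from the sensor or broadcast."""
    return counts["third_party"] == 0 and counts["own"] + counts["broadcast"] > 0

# Constructed sample alerts (documentation addresses, made-up rule names).
HDR = "10/12-17:40:01.000001  [**] [1:1000001:1] constructed rule [**] [Priority: 3] "
SENSOR_A = [  # constructed: sensor at 192.0.2.10
    HDR + "{TCP} 192.0.2.50:40000 -> 192.0.2.60:80",
    HDR + "{ICMP} 192.0.2.70 -> 192.0.2.10",
    HDR + "{UDP} 192.0.2.50:137 -> 192.0.2.255:137",
]
SENSOR_B = [  # constructed: sensor at 192.0.2.20
    HDR + "{ICMP} 192.0.2.70 -> 192.0.2.20",
    HDR + "{UDP} 192.0.2.50:137 -> 192.0.2.255:137",
]

if __name__ == "__main__":
    for name, ip, log in (("A", "192.0.2.10", SENSOR_A), ("B", "192.0.2.20", SENSOR_B)):
        c = visibility(log, ip, ("192.0.2.255",))
        print(name, dict(c), "own-traffic only:", sees_only_own_traffic(c))
```

A sensor whose alerts never fall in the `third_party` bucket is most likely on a switched port without mirroring, which would account for a large gap in alert counts against a sensor that sees the whole segment.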

