Snort mailing list archives
Re: Sensor overload - Too much traffic for Snort box?
From: Nigel Houghton <nigel () sourcefire com>
Date: Thu, 14 Jun 2007 09:37:45 -0400
On 6/14/07 2:19 AM, "Ray H." <snort () melray us> wrote:
include /etc/snort/local.rules
Remove this next line:
include /etc/snort/bleeding-all.rules
If you want to use bleeding stuff, do it like the official Snort rule set: use individual rule file groupings and disable the rules you do not need.
include $RULE_PATH/bad-traffic.rules
include $RULE_PATH/exploit.rules
#include $RULE_PATH/scan.rules
#include $RULE_PATH/finger.rules
include $RULE_PATH/ftp.rules
include $RULE_PATH/telnet.rules
include $RULE_PATH/rpc.rules
#include $RULE_PATH/rservices.rules
#include $RULE_PATH/dos.rules
#include $RULE_PATH/ddos.rules
include $RULE_PATH/dns.rules
#include $RULE_PATH/tftp.rules
#include $RULE_PATH/web-cgi.rules
#include $RULE_PATH/web-coldfusion.rules
#include $RULE_PATH/web-iis.rules
#include $RULE_PATH/web-frontpage.rules
include $RULE_PATH/web-misc.rules
include $RULE_PATH/web-client.rules
include $RULE_PATH/web-php.rules
include $RULE_PATH/sql.rules
#include $RULE_PATH/x11.rules
#include $RULE_PATH/icmp.rules
include $RULE_PATH/netbios.rules
#include $RULE_PATH/misc.rules
include $RULE_PATH/attack-responses.rules
#include $RULE_PATH/oracle.rules
include $RULE_PATH/mysql.rules
#include $RULE_PATH/snmp.rules
include $RULE_PATH/smtp.rules
#include $RULE_PATH/imap.rules
#include $RULE_PATH/pop2.rules
include $RULE_PATH/pop3.rules
#include $RULE_PATH/nntp.rules
#include $RULE_PATH/other-ids.rules
#include $RULE_PATH/experimental.rules
include /etc/snort/threshold.conf
-- Nigel Houghton Office Linebacker SF VRT
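An added example, not part of the original message: a small audit that reads a snort.conf, expands variables such as $RULE_PATH, and reports how many active and commented-out rules each included rule file contributes, so a monolithic file like bleeding-all.rules stands out against the per-category groupings recommended above. The sample config, the rule files and the function names are constructed for illustration.

```python
import re

ACTIONS = "alert|log|pass|drop|reject|sdrop|activate|dynamic"
VAR_RE = re.compile(r"^\s*var\s+(\w+)\s+(\S+)")
INC_RE = re.compile(r"^\s*(#?)\s*include\s+(\S+)")
# A rule line is "<action> <proto> ..."; a leading '#' means it is commented out.
RULE_RE = re.compile(r"^\s*(#?)\s*(?:%s)\s+(?:tcp|udp|icmp|ip)\s" % ACTIONS)

def count_rules(text):
    """Return (active, commented_out) rule counts for the text of one rules file."""
    marks = [m.group(1) for m in map(RULE_RE.match, text.splitlines()) if m]
    return marks.count(""), marks.count("#")

def audit_includes(conf_text, read_file):
    """Return (enabled, skipped); enabled is [(path, active, disabled)], heaviest first."""
    variables, enabled, skipped = {}, [], []
    for line in conf_text.splitlines():
        var, inc = VAR_RE.match(line), INC_RE.match(line)
        if var:
            variables[var.group(1)] = var.group(2)
        elif inc:
            # Expand $RULE_PATH-style variables defined earlier in the config.
            path = re.sub(r"\$(\w+)",
                          lambda v: variables.get(v.group(1), v.group(0)), inc.group(2))
            if inc.group(1):
                skipped.append(path)          # '#include': rule file is not loaded
            elif path.endswith(".rules"):     # ignore threshold.conf and similar
                enabled.append((path, *count_rules(read_file(path))))
    enabled.sort(key=lambda row: row[1], reverse=True)
    return enabled, skipped

# Constructed sample config and rule files (not the poster's real data).
SAMPLE_CONF = """var RULE_PATH /etc/snort/rules
include /etc/snort/local.rules
include /etc/snort/bleeding-all.rules
include $RULE_PATH/exploit.rules
#include $RULE_PATH/scan.rules
include /etc/snort/threshold.conf
"""
RULE = 'alert tcp any any -> any any (msg:"constructed %d"; sid:%d;)\n'
SAMPLE_FILES = {
    "/etc/snort/local.rules": RULE % (0, 1000000),
    "/etc/snort/bleeding-all.rules": "".join(RULE % (i, 2000000 + i) for i in range(40)),
    "/etc/snort/rules/exploit.rules": (RULE % (1, 3000001) + RULE % (2, 3000002)
                                       + "#" + RULE % (3, 3000003)),
}

if __name__ == "__main__":
    enabled, skipped = audit_includes(SAMPLE_CONF, SAMPLE_FILES.__getitem__)
    for path, active, disabled in enabled:
        print(f"{active:5d} active {disabled:5d} disabled  {path}")
```

To run it against a live sensor, pass the text of the real snort.conf and `lambda p: open(p).read()` as `read_file`.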