Snort mailing list archives
Re: Snort 2.6.1.3 ignoring stream4
From: "Justin Heath" <justin.heath () gmail com>
Date: Wed, 18 Apr 2007 15:10:14 -0400
Try turning on rule profiling and see if you have any rules which may be causing an issue. Which output plugin are you using (unified, mysql etc.)? Also, how long does it take for this issue to show up after starting snort? Cheers, Justin Heath On 4/18/07, Frank Knobbe <frank () knobbe us> wrote:
On Mon, 2007-04-16 at 14:50 -0400, Paul Melson wrote:Hey Joel and anyone else that has any more ideas, I am still experiencing performance issues with this sensor. I built 2.6.1.4 and added 'search-method ac-bnfa' to snort.conf and have seen no performance change. I tried building with or without the dynamic engine and processors and that doesn't seem to make a difference, either. Any additional ideas? What could I be missing here? I can run on 2.6.0.2 for now, but I'd like to know that I have an upgrade path.If performance is more important that the slightly higher accuracy in alerts, why not run an older version of Snort? (like 2.4.x) No need to always HAVE the latest versions of software. I still use some software from the late nineties because it still works great and gives me what I need (interestingly, a lot of these are less bloated and more stable that newer versions of the same or similar products.... hmmmmm....) Cheers, Frank -- It is said that the Internet is a public utility. As such, it is best compared to a sewer. A big, fat pipe with a bunch of crap sloshing against your ports. ------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA, (continued)
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Joel Esler (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Adam Keeton (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Darryl Taylor (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 07)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 16)
- Re: Snort 2.6.1.3 ignoring stream4 Frank Knobbe (Apr 18)
- Re: Snort 2.6.1.3 ignoring stream4 Justin Heath (Apr 18)
- Message not available
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 19)
- Re: Snort 2.6.1.3 ignoring stream4 Nigel Houghton (Apr 19)