Snort configuration



  • Can anyone explain to me the different performance settings for snort? IE what does ac, ac-banded, etc do?

    I love what you've done so far with snort Scott. Great job! One feature I would like to see would be able to check which individual rules under each ruleset I want to enable/disable.

    Thanks



  • Also, I believe someone else posted this issue, but I am seeing a big slow down in the snort web gui when I click on Snort Blocked. I am running Release 1.0 with snort 2.6.0.2.2. Sometimes it will take minutes for that list to display.



  • I would also like to know what the different performance setting for snort mean.

    I am running 1.0 with snort 2.6.0.2.2 and have no issues with the snort web gui. I know it requires faster hardware inorder to run it, what is your system?

    Is your memory or processor taxed?

    I have a pentium 4 2.8GHZ with 512Ram with no issues with snort.



  • I am running an AMD 1.0ghz with 512mb. I notice that my mem usage stays at about 50% using the mwm performance setting.

    Anyone able to explain the different settings ? :)



  • http://www.snort.org/docs/snort_htmanuals/htmanual_260/node10.html

    check out section 2.0.3.2 under directive "detection" for an explaintion. Its just probably a difference in the algorithms used by Snort to analyze the packets depending on what kind of hardware it's being used on.



  • awesome, thanks for the link!


Log in to reply