Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Which snort rules to use? How much ram?

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mrfrankmrfrank
      last edited by

      Hey guys, just wanted to say that pfsense is new to me and seems great so far.  I've migrated here from ipcop.  It took me awhile to get snort working, but I finally figured out the problem.  It seems that I was enabling too many rule categories perhaps?  I would start the snort service, then it would say that snort has started, but it clearly wasn't.  I dropped the number of rule categories back, and now snort starts fine.  It is using 75% of my 1gig of ram when snort is on.  How many categories should I be able to select, and which ones are "essential"  Should snort be using that much ram on say…..5-6 categories selected?  I know it depends on the categories and how many rules they have, but I anticipated less hardware dependency for so few categories selected.

      Thanks guys for the advice!

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.