mailing list archives
Re: Barnyard2 configure/compile problems and startup error: "Snort not compiled to use mysql" message followup - 1st time barnyard user
From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 07 May 2013 12:49:07 -0400
On 5/7/2013 09:34, Lars wrote:
While it appears we have snort doing unified logging now as long as we use the
–k in the snort startup command I am not sure what the reason is for that or if
we may still have something wrong in one of these files we could do better with?
from the (2.9.4) manual (pdf)
Snort 2.9 introduces the DAQ, or Data Acquisition library, for packet I/O. The
DAQ replaces direct calls to PCAP functions with an abstraction layer that
facilitates operation on a variety of hardware and software interfaces without
requiring changes to Snort. It is possible to select the DAQ type and mode when
invoking Snort to perform PCAP readback or inline operation, etc.
Some network cards have features named ”Large Receive Offload” (lro) and
”Generic Receieve Offload” (gro). With these features enabled, the network card
performs packet reassembly before they’re processed by the kernel.
By default, Snort will truncate packets larger than the default snaplen of 1518
bytes. In addition, LRO and GRO may cause issues with Stream5 target-based
reassembly. We recommend that you turn off LRO and GRO. On linux systems, you
$ ethtool -K eth1 gro off
$ ethtool -K eth1 lro off
i found the above by searching the manual for '-k' (without the single quote
marks) and these two instances are the only ones that turned up... granted, this
is for an older version of snort (184.108.40.206) but their use is still the same...
searching for 'offload' also results in the same being found... we generally see
'-k' mentioned when snort is not outputting anything and there is traffic known
to be flowing... telling snort to compensate for the offload then enables it to
perform its tasks...
NOTE: No off-list assistance is given without prior approval.
Please keep mailing list traffic on the list unless
private contact is specifically requested and granted.
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
Please visit http://blog.snort.org to stay current on all the latest Snort news!