Snort mailing list archives

What does lightweight mean?


From: "Anderson, Bill" <wander01 () mail state mo us>
Date: Wed, 30 May 2001 09:19:35 -0500

I have been considering Snort as an IDS for our organization, but several
people have tried to steer me away because Snort is described as
'lightweight.' What does the term lightweight mean or imply? Does it mean it
can only handle light network traffic streams, or does it mean it is light
in terms of needed resources? Or is it something else entirely? Any thoughts
are welcome.

Also, I am currently running snort in the tcpdump file read mode, reading
the files that our Shadow IDS created. Shadow only records the first 68
bytes of each packet in the tcpdump log file. Is this enough packet data for
the Snort rules? Or will Snort work better with more or the entire packet?

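Added example, not part of the original post: a short Python reader for classic tcpdump/pcap files that reports the snaplen recorded in the file header and how many TCP payload bytes each stored packet still carries, which is the data a payload-content match has to work with. It assumes Ethernet framing and IPv4/TCP; the frame, the marker string and all function names are constructed for illustration.

```python
import struct

ETH = 14  # assumption: Ethernet link type, no VLAN tag

def sample_frame(payload):
    """Constructed Ethernet/IPv4/TCP frame (checksums left at 0) carrying payload."""
    eth = b"\x02\x00\x00\x00\x00\x01\x02\x00\x00\x00\x00\x02\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames, snaplen):
    """Classic pcap bytes with each frame cut to snaplen, as a capture tool would store it."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

def captured_payload(frame):
    """TCP payload bytes present in a captured frame; None if the frame is not IPv4/TCP."""
    if len(frame) < ETH + 20 or frame[12:14] != b"\x08\x00" or frame[ETH + 9] != 6:
        return None
    l4 = ETH + (frame[ETH] & 0x0F) * 4          # start of TCP header (IP options honoured)
    if len(frame) < l4 + 13:
        return b""                               # capture ends inside the TCP header
    return frame[l4 + (frame[l4 + 12] >> 4) * 4:]  # skip TCP header incl. options

def payload_visibility(pcap):
    """Return (snaplen, [(wire_len, captured_len, payload_bytes), ...])."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap file with Ethernet link type")
    snaplen = struct.unpack(end + "I", pcap[16:20])[0]
    rows, off = [], 24
    while off + 16 <= len(pcap):
        _, _, incl, orig = struct.unpack(end + "IIII", pcap[off:off + 16])
        payload = captured_payload(pcap[off + 16:off + 16 + incl])
        if payload is not None:
            rows.append((orig, incl, payload))
        off += 16 + incl
    return snaplen, rows

# Constructed payload: the marker sits past the bytes a 68-byte snaplen keeps.
PAYLOAD = b"GET /index.html?q=" + b"A" * 30 + b"CONSTRUCTED-MARKER HTTP/1.0\r\n\r\n"
for snap in (68, 1514):
    _, rows = payload_visibility(build_pcap([sample_frame(PAYLOAD)], snap))
    for wire, cap, data in rows:
        print(snap, wire, cap, len(data), b"CONSTRUCTED-MARKER" in data)
```

With option-free headers (14 + 20 + 20 bytes), a 68-byte snaplen leaves 14 payload bytes per packet; IP or TCP options reduce that further.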

