Re: Can I 'nice' snort process?

["D.Rajesh Kumar" <drajesh () pune tcs co in>]

If you only want the signatures targeted at your web server you can think of
disabling other rules in your snort.Finger,smtp,sql,telnet,etc....But you won't
be able to detect the overall attacks targeted on your network.

Bye Drajesh

Saad Kadhi wrote:

> On Thu, 2002-01-10 at 19:03, Tran, John wrote:
> > I'm running snort on one of my web servers as a local IDS (don't ask me why,
> > let's just go along w/ it for now..) and it takes up massive amounts of CPU
> > (40%), which can be expected considering it's a large amount of traffic.  It
> > was suggested to me to run 'nice' on the process to throttle it's CPU usage,
> > but I'm pretty sure throttling snort will cause it to drop a lot of packets.
> > Is this true?
> yep at least to my field knowledge. But instead of nice-ing, you could
> log less stuff, tune up your kernel, etc...
>
> regards.
>
> --
> /Saad --  [bsdguy () docisland org]
> [pgp keyid: 35592A6D http://pgp.mit.edu]
> # buy a geek-in-a-can, point nozzle at technical problem and spray
> # if desesperate degauss your screen. it might solve your pb as well
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users