Snort mailing list archives
RE: snort dropping 48%
From: Michael Boman <michael () ayeka dyndns org>
Date: Sat, 08 May 2004 11:44:45 +0800
On Fri, 2004-05-07 at 23:23, Chuck Holley wrote:
> I'm not sure exactly what I am supposed to tweak?? I am running the new snort, and have it pointing to the conf which is going to a MySQL database. Now I am not seeing the amount of traffic I thought I would be seeing, especially to my websites. So I think it is dropping packets due to traffic, but I can't be sure. This is the command I issue:
>
> snort -dc /etc/snort/snort.conf
>
> Would the fast mode switch help me? Should I use barnyard? Any help would be great.
Let me get this straight: You are letting snort log to MySQL on its own? That's one very effective way to kill snort performance. Yes, you should install and use barnyard - there is no way you will get snort to keep up with any sort of decent traffic speed if you expect it to insert the alerts into the database as well...

Best regards
Michael Boman

--
Michael Boman
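
The change recommended in the reply above, sketched as a snort.conf fragment. This is an added example, not part of the original thread: it assumes Snort 2.x output plugin syntax, and the database user, password, database name and unified file names are placeholders.

```conf
# --- Before: Snort inserts every event into MySQL itself ---
# Each alert costs a blocking database round trip inside the packet
# processing loop, so packets queue up and are dropped under load.
# (user, password and dbname below are placeholder assumptions)
output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost

# --- After: Snort only appends binary records to local spool files ---
# Comment out the database plugin above and enable the unified output
# plugins instead. Writing a fixed-format binary record is cheap, so the
# sensor can stay in the capture loop.
# output database: log, mysql, user=snort password=CHANGE_ME dbname=snort host=localhost
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

# Barnyard runs as a separate process, reads the spool files written
# above, and performs the MySQL inserts at its own pace. Its database
# settings live in its own configuration file, not in snort.conf.
```

With this split, a slow or unavailable database delays only Barnyard's inserts; the events remain in the spool files until they are processed.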
