Snort mailing list archives

Re: Improving performance by timing each rule?


From: Matt Jonkman <jonkman () bleedingthreats net>
Date: Fri, 13 Apr 2007 11:58:05 -0400

Yes, chapter 7 rules!  :)

6 is good, but it's no 7...

Seriously, I agree with you OlRoy. That book came out better than any
I'd ever read before, and I'm not just saying that because I wrote a
chapter. The other contributors to it (including Joel) put some
incredible info in there. Much easier to use and apply I think.

Glad you're enjoying it.

Matt

OlRoy OlRoy wrote:
Thanks Joel, I'll do that.  I'm on chapter 5 now so I should be on 6
later today.  So far I'm loving the book.  I've read a few books on
Snort, and this one is turning out to be my favorite.

Matt, chapter 7 is one of the chapters that I'm looking forward to
reading the most.  I've skimmed through it and can tell it will be a
good read.

Thank you both for sharing your knowledge!

*/Joel Esler <joel.esler () sourcefire com>/* wrote:

    Ask, and ye shall receive. Read Chapter 6.

    J


    On Fri, Apr 13, 2007 at 07:50:15AM -0700, it looks like OlRoy OlRoy
    sent me:
    >
    > I'm reading Snort IDS and IPS Toolkit and in it they said that even
    > the fastest computer could be incapable of monitoring a 56k link if
    > you're using rules that were poorly written. Given that performance
    > is important with Snort, and that rules affect performance, would it
    > be helpful if Snort had a way of printing rules that are taking the
    > longest time to process? A top 10 list would enable people to see
    > which rules might need to be modified or removed.
    > _______________________________________________
    > Snort-users mailing list
    > Snort-users () lists sourceforge net
    > Go to this URL to change user options or unsubscribe:
    > https://lists.sourceforge.net/lists/listinfo/snort-users
    > Snort-users list archive:
    > http://www.geocrawler.com/redir-sf.php3?list=snort-users




    +---------------------------------------------------------------------+
    Joel Esler Security Consultant
    gpg key: http://demo.sourcefire.com/jesler.pgp.key
    +---------------------------------------------------------------------+



-- 
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------

PGP: http://www.bleedingthreats.com/mattjonkman.asc


