Snort mailing list archives
Re: Dropped: 236694431 (64.559%) 64% packet loss
From: Pedro Marinho <pppmarinho () gmail com>
Date: Wed, 17 Jun 2009 11:23:39 -0300
Jason,
i did with the -T switch.. i did forgot that you ccan up snort in test mode
with the -T option
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
6713 Snort rules read
6713 detection rules
0 decoder rules
0 preprocessor rules
6713 Option Chains linked into 315 Chain Headers
0 Dynamic rules
so this is too much rules?
i think the problem is with the network card.. a gentlemen did tell me that
he had a similar problem with this network card and did advise me to try to
mess around with the buffer size using the ethtool command.. but i am afraid
to misconfigure it..
ps: now i will make the test that Joel Esler did tell before that is try to
load only one rules file and see if this make a performance improvement.. i
am so dumb the best time to test this things is at the peak time of
traffic..
2009/6/16 Jason Wallace <jason.r.wallace () gmail com>
try using -T then you should see something like this... +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... 7193 Snort rules read 6951 detection rules 65 decoder rules 177 preprocessor rules 7193 Option Chains linked into 634 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ On Tue, Jun 16, 2009 at 10:46 AM, Pedro Marinho<pppmarinho () gmail com> wrote:Jason, That is a good question because i did check line per line here at /var/log/messages (when snort starts) and cannot find the informationaboutthe exactly number of rules that are loaded at snort in run time.. do you have this line for me to search here in vi.. i mean the line that showthatinformation? thanks ps: i am a newbie guys Message: 5 Date: Tue, 16 Jun 2009 08:53:59 -0400 From: Jason Wallace <jason.r.wallace () gmail com> Subject: Re: [Snort-users] Snort-users Digest, Vol 37, Issue 18 To: snort-users () lists sourceforge net Message-ID: <cbe5b93b0906160553q463fa2b7re099a8debcd6e716 () mail gmail comContent-Type: text/plain; charset=ISO-8859-1 If your running all of the rules from all of those categories, that might make up "a lot of rules". How many rules does it say in the syslog were loaded when snort starts?
------------------------------------------------------------------------------ Crystal Reports - New Free Runtime and 30 Day Trial Check out the new simplified licensing option that enables unlimited royalty-free distribution of the report engine for externally facing server and web deployment. http://p.sf.net/sfu/businessobjects
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Martin Roesch (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 12)
- <Possible follow-ups>
- Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Jason Wallace (Jun 16)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 12)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Joel Esler (Jun 17)
- Re: Dropped: 236694431 (64.559%) 64% packet loss Pedro Marinho (Jun 17)