Re: [Snort-users] Improving overall performance of snort and stopping
This is a discussion on Re: [Snort-users] Improving overall performance of snort and stopping within the Snort forums, part of the System Security and Security Related category; Scott Zawalski schrieb: > I am using snort to collect packets on a gig connection that gets on > average ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
11-05-2003
|
|||
|
|||
Re: [Snort-users] Improving overall performance of snort and stopping
Scott Zawalski schrieb:
> I am using snort to collect packets on a gig connection that gets on > average 1.3 tB/s. [...] > Any tips or tricks are greatly appreciated! > > Thank you, > Scott - Have you tried increasing the number of the ring buffer cells like PCAP_FRAMES=max? - I suppose your ruleset is already optimized - Deactivate preprocessor frag2 if you're behind a defragmenting firewall (Netfilter always defragments if you turn on conntrack) - Blend out the encrypted traffic (SSL/HTTPS/IMAPS/POP3S) Regards, Edin -- Edin Dizdarevic ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
