Re: [Snort-users] Snort questions
This is a discussion on Re: [Snort-users] Snort questions within the Snort forums, part of the System Security and Security Related category; At 10:39 AM 7/5/2004, shashank.joshi@tcs.com wrote: >It is mentioned that snort has a '...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
07-06-2004
|
|||
|
|||
Re: [Snort-users] Snort questions
At 10:39 AM 7/5/2004, shashank.joshi@tcs.com wrote:
>It is mentioned that snort has a 'very small footprint' what is the size >of the footprint ? This varies a lot based on configuration. A copy of snort 2.2.0-rc1 using a more-or-less default config (single /24 in HOME_NET, no other changes) has a RSS of 34352 k on my system. Switching the "search-method" to "lowmem" drops the rss to 11200 k One could drop it much further by reducing the number of rules used, and by turning off preprocessors. >whether snort RPMs are stable and what are the pros and cons of using RPM >over compiling from source ? I personally prefer compiling from source, but that's largely because I use a stack protection type compiler for this kind of thing. RPMS: easy source: more flexible in build options, choice of compiler, etc. >how to prepare reports from snort logs ? http://www.snort.org/dl/contrib/data_analysis/ >what is the best method of rules updation ? I've never used it, but many on the list seem to like oinkmaster as a rule-update manager. http://www.snort.org/dl/contrib/rule...nt/oinkmaster/ >how frequently do I need to upgrade snort ? New versions of significance seem to happen about 3-4 times a year. You might find yourself valuing different features than I do, so you may update more or less frequently. >any suggestions for backup strategy ? backup of what? The snort data? depends on how you log it.. ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
