Re: [Listeningpost] Mem and CPU usage: msg#00155
security.ids.snort.bleedingsnort
Very good questions, Ron, but let's move this to bleeding-sigs. Better forum for this. I'm sure others can speak to this better than I. I haven't gotten too deep into 2.6 yet. But the memory consumption I know is significantly higher. Maybe a few people can make recommendations as to minimizing that?

Matt

RON SANTA CRUZ wrote:
> Hello,
>
> wondering if someone could clear up a few questions and also maybe
> recommend the best setup for my scenario.
>
> We just recently tried to upgrade to the latest version of snort
> 2.6.1.2. We were running snort 2.4.2 previous to the upgrade. We are
> running a total of six instances of snort on 1 box with 6 interfaces.
> This setup has worked without problems issues in the past.
>
> During our test upgrade we found that the same box could barely run 2
> instances of Snort before it would crash and system would become
> unresponsive. The memory usage was at about 50-80% for an instance of snort.
>
> *My questions are; looking at the change log wasn’t this fixed in the
> current version that was released?
> *What is the default “PATTERN DETECTION” engine for Snort 2.4.x and also
> for the Current version of Snort 2.6.x.x—in other words which pattern
> detection is it using.
> *What problems can/will rise from changing the setting:
> config detection: search method [ac,ac-std…etc] from the
> standard/default detection engine Snort uses by default?
>
> Will one detection engine lose packets/drop packets/miss packets
> compared to another, if so which one is the most reliable/secure to use?
>
> Thanks for the help in advance.
> Email is rscsantacruzrsc-PkbjNfxxIARBDgjK7y7TUQ@xxxxxxxxxxxxxxxx
>
>
> _______________________________________________
> Listeningpost mailing list
> Listeningpost-WwB1pFISwSkm7effSn6vN9HuzzzSOjJt@xxxxxxxxxxxxxxxx
> http://lists.bleedingthreats.net/cgi-bin/mailman/listinfo/listeningpost

--
--------------------------------------------
Matthew Jonkman
Bleeding Edge Threats
765-429-0398
765-807-3060 fax
http://www.bleedingthreats.net
--------------------------------------------
PGP: http://www.bleedingthreats.com/mattjonkman.asc