From: ss b. <ch...@gm...> - 2005-11-10 11:36:53
Hi,

I am using snort_inline-2.3.0-RC1 on Linux kernel 2.4.25 (server is in bridge mode) and it is working fine with 50 MB of traffic. Yesterday I upgraded my snort server to a GIGE (fiber) module and diverted 30 MB more traffic to snort, but after that all the users are experiencing slow browsing and pages are opening very slowly.

Can anyone suggest how to fine-tune Snort (currently using the standard configuration) and the OS to perform better with 150 to 200 MB of traffic?

Below is the hardware configuration:

P4 Intel(R) Xeon(TM) CPU 3.00GHz (Dual)
2 GB RAM
Intel GIGE (fiber) NIC

Iptables rule:

iptables -I FORWARD -s x.x.x.x/16 -j QUEUE

Regards
Sathyan

From: Dino D. <dra...@gf...> - 2005-11-10 11:46:20
Hello Sathyanss,

what about your rules, did you disable the rules you don't need?

regards,

Dino

From: Adayadil T. <ada...@gm...> - 2005-11-10 15:04:15
What about the stream_reassembly preprocessor? Do you have that turned on?

On 11/10/05, Dino Dragovic <dra...@gf...> wrote:
> Hello Sathyanss,
>
> what about your rules, did you disable the rules you don't need?
>
> regards,
>
> Dino

From: chima s <ch...@gm...> - 2005-11-14 04:12:23
Hi,

Is it "preprocessor stream4_reassemble"? Is this to be turned on or turned off, and in case it has to be turned off, how do I do that?

Regards
Sathyan

On 11/10/05, Adayadil Thomas <ada...@gm...> wrote:
> What about the stream_reassembly preprocessor? Do you have that turned on?

From: chima s <ch...@gm...> - 2005-11-11 04:35:20
Hi,

I do not have any idea about the preprocessor, and the same was not configured in the snort.conf.

What is the stream_reassembly preprocessor, and do I need to configure it?

Regards
Sathyan

On 11/10/05, Adayadil Thomas <ada...@gm...> wrote:
> What about the stream_reassembly preprocessor? Do you have that turned on?

From: chima s <ch...@gm...> - 2005-11-11 04:39:21
Hi,

Below is the list of preprocessors configured:

preprocessor flow: stats_interval 0 hash 2
preprocessor frag2: timeout 60, memcap 4194304
preprocessor stream4: disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_inspect: global \
preprocessor http_inspect_server: server default \
preprocessor rpc_decode: 111 32771
preprocessor telnet_decode: 23 25 21 119
preprocessor conversation: timeout 120, max_conversations 65335

Regards
Sathyan

On 11/11/05, chima s <ch...@gm...> wrote:
> Hi,
>
> I do not have any idea about the preprocessor, and the same was not configured in
> the snort.conf.
>
> What is the stream_reassembly preprocessor, and do I need to configure it?
>
> Regards
> Sathyan