Summary

This chapter is a guide to tuning Snort and the components that influence Snort's behavior. The tuning process has two goals. The first is to reduce the number of dropped packets to a negligible amount or to zero. The second is to reduce the number of false positives to a level you can manage, without compromising Snort's capability to detect malicious traffic.

You can check whether Snort is dropping packets by issuing a command that forces Snort to output its internal statistics. You can use this information to guide your tuning and to track your progress. The most basic and fundamental change you can make to improve Snort's performance and reduce packet loss is to use Barnyard to process alerts. Another simple ...
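The drop check described above can be automated so that successive statistics dumps are compared against the "negligible or zero" goal. The script below is an added example and is not code from the book or from the Snort project. It assumes the statistics text Snort 2.x prints when sent SIGUSR1 (or on exit) is saved to a file; the two sample dumps are constructed, and the exact layout of both the "Packet I/O Totals" block and the older "Snort received N packets" form is an assumption about Snort's output.

```python
import re
import sys
from dataclasses import dataclass
from typing import Optional

# Constructed sample of a Snort 2.9-style statistics dump (layout assumed).
SAMPLE_STATS_NEW = """\
===============================================================================
Packet I/O Totals:
   Received:       248113
   Analyzed:       246902 ( 99.512%)
    Dropped:         1211 (  0.488%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
===============================================================================
"""

# Constructed sample of the older, shorter form printed by earlier Snort
# releases (layout assumed).
SAMPLE_STATS_OLD = """\
Snort received 248113 packets
    Analyzed: 246902(99.512%)
    Dropped: 1211(0.488%)
"""


@dataclass
class PacketStats:
    received: int
    analyzed: int
    dropped: int

    @property
    def drop_pct(self) -> float:
        """Dropped packets as a percentage of packets received."""
        if self.received == 0:
            return 0.0
        return 100.0 * self.dropped / self.received


# "Analyzed:" / "Dropped:" lines look the same in both layouts; only the
# "Received" counter differs between them.
_COUNTER_RE = re.compile(r"^\s*(Received|Analyzed|Dropped):\s*(\d+)", re.MULTILINE)
_OLD_RECEIVED_RE = re.compile(r"Snort received (\d+) packets")


def parse_packet_stats(text: str) -> Optional[PacketStats]:
    """Extract received/analyzed/dropped counters from a Snort statistics dump.

    Returns None when the text does not contain a complete set of counters,
    so a truncated or unrelated log file is never mistaken for "no drops".
    """
    counters = {k.lower(): int(v) for k, v in _COUNTER_RE.findall(text)}
    if "received" not in counters:
        match = _OLD_RECEIVED_RE.search(text)
        if match:
            counters["received"] = int(match.group(1))
    if not {"received", "analyzed", "dropped"} <= counters.keys():
        return None
    return PacketStats(counters["received"], counters["analyzed"], counters["dropped"])


def drop_rate_acceptable(stats: PacketStats, max_drop_pct: float = 0.1) -> bool:
    """True when the drop rate is at or below the tuning target (default 0.1%)."""
    return stats.drop_pct <= max_drop_pct


if __name__ == "__main__":
    # Usage: python snort_drops.py /path/to/snort-stats.txt
    # (produce the file with e.g. `kill -USR1 <snort pid>` and capturing stderr/syslog)
    with open(sys.argv[1]) as fh:
        parsed = parse_packet_stats(fh.read())
    if parsed is None:
        sys.exit("no packet counters found in statistics dump")
    status = "OK" if drop_rate_acceptable(parsed) else "TUNE"
    print(f"{status}: received={parsed.received} dropped={parsed.dropped} "
          f"({parsed.drop_pct:.3f}%)")
```

Keeping each dump and its computed drop percentage gives a simple before/after record for each tuning change (for example, switching alert output to Barnyard), which is the progress tracking the chapter recommends.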
