52
edits
Snort: Difference between revisions
add mem config
(stub) |
(add mem config) |
||
| Line 5: | Line 5: | ||
All configurations of the Snort analysis are done via the Global Settings, under Generic Settings > Snort analysis. | All configurations of the Snort analysis are done via the Global Settings, under Generic Settings > Snort analysis. | ||
[[File:Snort Settings.png|thumb|Snort section of the generic settings page]] | |||
=== Configuring memory === | |||
Snort needs a certain amount of memory to be able to perform the intrusion detection and threat analysis. The more memory Snort is configured to use, the less memory will be available for the in-memory databases of the multimeter. Snort may only use half of the systems memory at max, but generally the software is able to run with less than one gigabyte of memory. The default setting allocates 256MB for the Snort analysis, and generally we do not recommend going too far below this value, as too little memory can cause Snort to hang and crash during analysis. If you experience similar issue, try raising the memory threshold. | |||
Below the slider for maximum memory, a value for "Usable memory" is displayed. This value is a soft memory limit for Snort, which will cause it to be throttled when it reaches it. The usable memory is 5MB below the maximum. If Snort should reach the true maximum memory threshold it will immediately be killed by the OOM manager. | |||
Changing this setting requires a processing restart in order to allocate the configured memory. | |||
=== Configuring Snort === | === Configuring Snort === | ||
==== Config/Lua ==== | |||
Snort can be configured via Lua scripts which are executed in a sandboxed environment at startup. The multimeter is delivered with the default configuration files of Snort, with the exception that some of the variables have been moved to a new <code>config.lua</code> file. This file is included before everything else. | |||
In order to edit this configuration the multimeter provides a web-based interface to either change the <code>config.lua</code> via a GUI, or to edit any configuration file directly. To start editing the configuration click the "Edit config" button. | |||