RuggedCom RX1100 ユーザーズマニュアル
Chapter 25 – Configuring The Snort IDS
When the alert file method is chosen, a daily analysis of the file can be emailed.
The SIDs referenced in alerts can be used to quickly locate the rule via the main Sort
IDS menu. The rule itself often contains HTML links to Internet resources such as
The SIDs referenced in alerts can be used to quickly locate the rule via the main Sort
IDS menu. The rule itself often contains HTML links to Internet resources such as
and cve.mitre.org. These provide more in depth
descriptions of the vulnerability.
Performance And Resources
The performance impact of snort varies with the number of interfaces monitored, the
number of rules enabled, the packet rate and the logging method.
Snort has been empirically determined to use about 20% of the CPU clock cycles at
its maximum processing rate.
The router is capable of recording about 300 entries/second to the local syslog and
500 entries/second to the alert file. Alerts at rates exceeding the above rates will not
be recorded.
Snort will require 5 Mbytes of system memory to start with an additional 15 Mbytes
of memory for each interface monitored.
number of rules enabled, the packet rate and the logging method.
Snort has been empirically determined to use about 20% of the CPU clock cycles at
its maximum processing rate.
The router is capable of recording about 300 entries/second to the local syslog and
500 entries/second to the alert file. Alerts at rates exceeding the above rates will not
be recorded.
Snort will require 5 Mbytes of system memory to start with an additional 15 Mbytes
of memory for each interface monitored.
Snort IDS Main Menu
This menu configures the snort IDS and is composed of three sections.
Note that snort is disabled by default and may be enabled via the System folder,
Bootup And Shutdown menu. If snort is running, configuration changes must be
made active by restarting it. The Restart Snort button will restart snort, listing the
interfaces it is active upon.
Note that snort is disabled by default and may be enabled via the System folder,
Bootup And Shutdown menu. If snort is running, configuration changes must be
made active by restarting it. The Restart Snort button will restart snort, listing the
interfaces it is active upon.
Global Configuration
Figure 194: Snort Main Menu part 1
The Global Configuration menu section configures parameters that apply to all
interfaces.
interfaces.
Interfaces
Figure 195: Snort Main Menu part 2
The Interfaces section selects the interfaces snort will monitor. You must restart snort
after changing interfaces.
after changing interfaces.
RuggedCom 231