More bugfixes / performance improvements

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

More bugfixes / performance improvements

user8446
Administrator
Stability and speed improvements in snort config:

old:
preprocessor frag3_global: max_frags 65536
new:
preprocessor frag3_global: disabled

old:
preprocessor http_inspect: global iis_unicode_map unicode.map 1252 compress_depth 65535 decompress_depth 65535
new:
preprocessor http_inspect: global disabled memcap 150994944 compress_depth 65535 decompress_depth 65535 max_gzip_mem 838860

old:
unlimited_decompress \
new:
#unlimited_decompress \

old:
server_flow_depth 0 \
new:
server_flow_depth 65535 \

old:
client_flow_depth 0 \
new:
client_flow_depth 1460 \

-------------------------------------------------------------------------

Performance improvement in scheduled tasks/cron:
old:
/usr/sbin/ntpclient -s -p 123 -h 0.us.pool.ntp.org || /etc/init.d/ntpclient restart
new:
/usr/sbin/ntpclient -s -p 123 -h time.google.com || /etc/init.d/ntpclient restart
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

Turrican
thanks for sharing :)

Running Bridge Mode
v1.51 SP1 + Hotfix Mar 9
Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

user8446
Administrator
Two more I accidentally left off in the snort config post above:

old:
preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete
new:
#preprocessor rpc_decode: 111 32770 32771 32772 32773 32774 32775 32776 32777 32778 32779 no_alert_multiple_requests no_alert_large_fragments no_alert_incomplete

old:
preprocessor bo
new:
#preprocessor bo
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

StyxUT
Thank you.  
Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

breda
In reply to this post by user8446
Hi, user8446 did the rest of the bug fix but I get this error

Mon May 15 17:51:54 2017 daemon.err snort[9462]: FATAL ERROR: /etc/snort/snort_bridge.conf(93) => Invalid max_frags in config file. Integer parameter required.


and the Total Available goes up to 90%


Thanks

Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

user8446
Administrator
This post was updated on .
You've accidentally misconfigured something here:

old:
preprocessor frag3_global: max_frags 65536

new:
preprocessor frag3_global: disabled


Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

breda
Thanks user8446 getting about  64 Mbps to 81 Mbps wanted to ask is their space between #   in the bugfixes?

Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

user8446
Administrator
It doesn't matter. You can put in a space if it helps with the readability
Running in bridge mode, 1.51 SP1 fw
Reply | Threaded
Open this post in threaded view
|

Re: More bugfixes / performance improvements

breda
Thanks   user8446