Performance and resources, Snort ids main menu, Global configuration – RuggedCom RuggedRouter RX1000 User Manual

Chapter 25 – Configuring The Snort IDS

When the alert file method is chosen, a daily analysis of the file can be emailed.
The SIDs referenced in alerts can be used to quickly locate the rule via the main Snort
IDS menu. The rule itself often contains HTML links to Internet resources such as
www.securityfocus.com and cve.mitre.org. These provide more in-depth
descriptions of the vulnerability.

Performance And Resources

The performance impact of snort varies with the number of interfaces monitored, the
number of rules enabled, the packet rate and the logging method.
Snort has been empirically determined to use about 20% of the CPU clock cycles at
its maximum processing rate.
The router is capable of recording about 300 entries/second to the local syslog and
500 entries/second to the alert file. Alerts arriving faster than these rates will not
be recorded.
Snort will require 5 Mbytes of system memory to start with an additional 15 Mbytes
of memory for each interface monitored.
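
The following is an added example, not part of the RuggedCom manual: an offline check over a copy of the alert file that tallies SIDs for rule lookup and flags any second whose recorded alert count comes close to the recording ceiling, where alerts may have been lost. It assumes the alert file uses Snort's "fast" alert line layout, which the manual does not specify; the 90% margin, the function names and the sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Recording ceilings stated in the manual (entries per second).
ALERT_FILE_MAX_PER_SEC = 500
SYSLOG_MAX_PER_SEC = 300

# Assumed layout (Snort "fast" alert format):
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] message [**] ...
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\.\d+\s+"
    r"\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]"
)

def analyze_alerts(lines, max_per_sec=ALERT_FILE_MAX_PER_SEC, margin=0.9):
    """Return (sid_counts, saturated_seconds, unparsed_count).

    A second is "saturated" when its recorded alert count reaches
    margin * max_per_sec; alerts past the ceiling are not recorded,
    so alerts may have been lost during that second.
    """
    per_second, sids, unparsed = Counter(), Counter(), 0
    for line in lines:
        m = ALERT_RE.match(line)
        if m:
            per_second[m["ts"]] += 1
            sids[int(m["sid"])] += 1
        elif line.strip():
            unparsed += 1  # keep count so format drift is noticed
    threshold = int(max_per_sec * margin)
    saturated = {ts: n for ts, n in per_second.items() if n >= threshold}
    return sids, saturated, unparsed

def build_sample():
    """Constructed sample: a 460-alert burst in one second plus two other lines."""
    burst = [
        f"08/28-12:00:01.{i:06d}  [**] [1:1000001:1] Constructed flood rule [**] "
        "[Priority: 2] {UDP} 192.0.2.10:4000 -> 192.0.2.20:1434"
        for i in range(460)
    ]
    return burst + [
        "08/28-12:00:02.000100  [**] [1:1000002:3] Constructed probe rule [**] "
        "[Priority: 3] {TCP} 192.0.2.11:5000 -> 192.0.2.20:80",
        "not an alert line",
    ]

if __name__ == "__main__":
    sids, saturated, unparsed = analyze_alerts(build_sample())
    print("Most frequent SIDs:", sids.most_common(3))
    print("Seconds near the recording ceiling:", saturated)
    print("Unparsed lines:", unparsed)
```

Pass `max_per_sec=SYSLOG_MAX_PER_SEC` when the alerts were logged to the local syslog instead of the alert file.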

Snort IDS Main Menu

This menu configures the snort IDS and is composed of three sections.
Note that snort is disabled by default and may be enabled via the System folder,
Bootup And Shutdown menu. If snort is running, configuration changes must be
made active by restarting it. The Restart Snort button will restart snort, listing the
interfaces it is active upon.

Global Configuration

Figure 194: Snort Main Menu part 1

The Global Configuration menu section configures parameters that apply to all
interfaces.

Interfaces

Figure 195: Snort Main Menu part 2

The Interfaces section selects the interfaces snort will monitor. You must restart snort
after changing interfaces.
