See responses inline:

>I think you'll hit performance limits long before input limits.

Yes I probably will, but I need to try.

>In general snort performance is SEVERELY degraded by having multiple
>entries in a comma delimited list for an IP specifier. You probably don't
>ever want to have more than 10.
>However it is not degraded by using CIDR blocks, so if your HTTP servers
>happen to fit into the same block of IPs, or a couple of blocks, you should
>consider doing so.
>ie:
>var HTTP_SERVERS [192.168.1.0/24]
>or maybe a couple of CIDR blocks:
>var HTTP_SERVERS [192.168.1.0/28,192.168.3.0/24,192.168.5.4/31]
>Do you really have 150 HTTP servers all at non-consecutive IP addresses?? I
>can't imagine that makes for a reasonable easy-to-maintain network. If
>nothing else your router config must be an insane rats nest, or a wide-open
>hole, if that's the case.

<hair_pulling>We own a 19 bit block of addresses (small ISP). And our wonderful former Network Engineers did not see fit to use any real plan for implementation of anything. My job is a pain, and getting things to change here is like rolling water uphill. I must at least try this if possible. I may try narrowing the CIDR blocks down some, as I have HOME_NET defined for about 13, I may be able to narrow this down by 1 or 2 networks.</hair_pulling>

Thanks for the suggestion.

Steve

At 01:13 PM 12/27/2002 -0500, Steven Rudolph wrote:
>How long can the var for HTTP_SERVERS be?
>Where would I find this in the code?
>I need a length of about 2000 characters as I have about 150 HTTP servers
>that are in my network.
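
An added example, not part of the original messages: a Python sketch of the CIDR advice in the thread. It collapses scattered server addresses into exact CIDR blocks and, if more than a chosen number of entries remain, greedily merges neighbours into supernets and reports how many non-server addresses the wider list covers. The host list is constructed sample data; `aggregate`, `snort_var` and the default limit of 10 (the reply's rule of thumb) are names and values chosen here.

```python
import ipaddress

def common_supernet(a, b):
    """Smallest network that contains both a and b."""
    net, other = (a, b) if a.prefixlen <= b.prefixlen else (b, a)
    while not other.subnet_of(net):
        net = net.supernet()
    return net

def aggregate(hosts, max_entries=10):
    """Cover every host with at most max_entries CIDR blocks.

    Returns (networks, extra); extra counts covered addresses that are
    not in hosts, i.e. how much wider the variable is than the real set.
    """
    if max_entries < 1:
        raise ValueError("max_entries must be at least 1")
    nets = list(ipaddress.collapse_addresses(
        ipaddress.ip_network(h) for h in set(hosts)))
    exact = sum(n.num_addresses for n in nets)
    while len(nets) > max_entries:
        # Greedy step (not guaranteed optimal): merge the neighbouring
        # pair whose common supernet is smallest.
        i = min(range(len(nets) - 1),
                key=lambda k: common_supernet(nets[k], nets[k + 1]).num_addresses)
        merged = common_supernet(nets[i], nets[i + 1])
        # Re-collapse: the supernet may swallow other entries as well.
        nets = list(ipaddress.collapse_addresses(
            [merged] + nets[:i] + nets[i + 2:]))
    extra = sum(n.num_addresses for n in nets) - exact
    return nets, extra

def snort_var(name, nets):
    """Format the blocks as a Snort variable line."""
    return "var %s [%s]" % (name, ",".join(str(n) for n in nets))

# Constructed sample data: 16 consecutive hosts, a pair, and two strays.
SAMPLE_HOSTS = (["192.168.1.%d" % i for i in range(16)]
                + ["192.168.5.4", "192.168.5.5"]
                + ["192.168.3.10", "192.168.3.200"])

if __name__ == "__main__":
    for limit in (10, 3):
        nets, extra = aggregate(SAMPLE_HOSTS, limit)
        print(snort_var("HTTP_SERVERS", nets), "# extra addresses:", extra)
```

A non-zero `extra` means rules keyed to `$HTTP_SERVERS` will also match traffic to hosts that are not web servers, so the entry limit trades list length against rule scope.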