Hey Doug, iv uploaded the the sostat output,
Im using Virtualbox,
Thanks
Ronen
On Monday, June 4, 2012 at 6:39 PM, Ronen Narkis wrote:
Yeap I did,ThanksRonenOn Tuesday, June 5, 2012 1:10:21 AM UTC+3, DefensiveDepth wrote:Did you "sudo /usr/local/bin/pulledpork_update.sh" after dropping 1:4 into disablesid.conf?-JoshOn Monday, June 4, 2012 2:09:57 PM UTC-7, Ronen Narkis wrote:Iv enabled virtio and turned bro off, the system is a little bit more responsive, I would love to see a "profiles" feature where one can choose a less "production" grade setting and use moderate rules/services on lower end systems.One this that I hadn't figured out is how to disable:ssh: Protocol MismatchIv followed the wiki and added (from what I can tell 4 is the SID):1:4to the disablesid.conf file yet I kept seeing these events in snortby,Then iv tried to disable it in snort:# SSH anomaly detection. For more information, see README.sshpreprocessor ssh: server_ports { 22 } \autodetect \max_client_bytes 19600 \max_encrypted_packets 20 \max_server_version_len 100 \enable_respoverflow enable_ssh1crc32 \enable_srvoverflow disable_protomismatchBut It seems to be still active,Any idea what Im missing?ThanksRonenOn Monday, June 4, 2012 4:14:47 AM UTC+3, Ronen Narkis wrote:Hey Doug ill try to disable and report back,Robert while you are correct I would expect some slow down but not a grinding halt, iv been using VM's since 2004 and the penalty for virtualization has been dropping down since VTx been introduced and the software got better,Ill try the virtio devices and see if it helps,Thanks guysRonen