Snort - the de facto standard for intrusion detection/prevention

Format

preprocessor flow: [memcap <bytes>], [rows <count>], \
                   [stats_interval <seconds>], [hash <1|2>]


Table 2.4: Flow Options

Option          Description
memcap          Number of bytes to allocate.
rows            Number of rows for the flow hash table. [1]
stats_interval  Interval (in seconds) to dump statistics to STDOUT. Set this to 0 to disable.
hash            Hashing method to use. [2]

[1] This number can be increased, at the cost of using more memory, to enhance performance. Increasing rows provides a larger hash table.
[2] 1 - hash by byte, 2 - hash by integer (faster, but with less chance of producing diverse hash values). The hash table has a pseudo-random salt picked to make algorithmic complexity attacks much more difficult.
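
Why the salt in footnote [2] matters, as an added example that is not Snort's code: a set of flow keys that all fall into one row under one salt scatters across the table once the salt changes, so a collision set prepared in advance does not survive a restart with a fresh salt. The key layout, the two mixing loops (illustrative stand-ins for "hash by byte" and "hash by integer"), the constants and all sample values are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define ROWS  1024u  /* constructed table size, stands in for the "rows" option */
#define NKEYS 64     /* size of the constructed colliding set */

/* Hypothetical flow key (not Snort's struct); 16 bytes, no padding. */
typedef struct { uint32_t src_ip, dst_ip; uint16_t src_port, dst_port; uint32_t proto; } flow_key;

/* Final avalanche step so every input bit can affect the low bits used for the row. */
static uint32_t mix32(uint32_t h) {
    h ^= h >> 16; h *= 0x85ebca6bu; h ^= h >> 13; h *= 0xc2b2ae35u; h ^= h >> 16;
    return h;
}

/* method 1 folds the key in one byte at a time, method 2 one 32-bit word at a time. */
uint32_t flow_row(const flow_key *k, uint32_t salt, int method) {
    uint32_t h = 2166136261u ^ salt;          /* the salt perturbs the starting state */
    if (method == 2) {
        uint32_t w[4];
        memcpy(w, k, sizeof w);
        for (int i = 0; i < 4; i++) h = (h ^ w[i]) * 16777619u;
    } else {
        const unsigned char *p = (const unsigned char *)k;
        for (size_t i = 0; i < sizeof *k; i++) h = (h ^ p[i]) * 16777619u;
    }
    return mix32(h) % ROWS;
}

/* Collect NKEYS keys that all land in row 0 under salt_a, then return the
   largest number of them that still share any single row under salt_b. */
int worst_chain_after_resalt(uint32_t salt_a, uint32_t salt_b, int method) {
    static int count[ROWS];
    flow_key k = { 0, 0x0a000001u, 40000, 80, 6 };   /* constructed sample values */
    int found = 0, worst = 0;
    memset(count, 0, sizeof count);
    for (uint32_t ip = 1; found < NKEYS && ip != 0; ip++) {
        k.src_ip = ip;
        if (flow_row(&k, salt_a, method) != 0) continue;
        found++;
        int c = ++count[flow_row(&k, salt_b, method)];
        if (c > worst) worst = c;
    }
    return worst;
}
```

With the same salt on both sides the function returns NKEYS (every key is still in one chain); with a different second salt the longest chain drops to a handful of entries.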



Steven Sturges 2007-05-11