Looks like my last post didn't get through.

I have tried all the various options for detection method and it will not allow speeds above 200MB/sec. on a 1GB line  The IPS engine must be capable of higher performance as it in the spec of the Endian Appliances.

With IPS switched off, I am getting 950MB/sec or so.

Any other thoughts as to why it appears to be running slow.

Thanks for any help

Mike

never mind guys

I persevered further and think I have fixed it.

Although the web status page still indicates that IPS is switched off after enabling it on the Services page.

Regards

Mike

strange, but with the version 3.3.9 i dont had any problem.

Hi amelendez,
I did not have noted performance problems, these are the same of previous versions.
About ClamAV, still waiting for someone's answer...
Bye!

no, i tryed many times but not update, anybody that it works?

Hellow nico81cn, i did install 3.3.10 but is very slow, i had restart many times to work correctly, and your question about clamav, continue the problem dont update, but if you get work, you say me, regards.

Hi Folks,

I have the above issue of IPS running slow on quite a meaty machine (4 core Intel with 8Gof memory) and need to make the suggested changes.

I am a complete novice (but learning) about Linux and would be grateful if someone could give me some mickey mouse instructions on how to do this from the Web Console.

Thanks and regards

Mike

Hello everybody,
Anyone who knows if there is an official/unofficial release notes document for efw community?
3.3.10 has been just released, I'd like to know what are improvements-changes...

Other question:
Included clamav version is outdated and no more supported (definitions auto update fails due the old version of engine..),
Somebody knows if engine's update is planned?

Thank you!

Hallo, wir betreiben eine Endian mit 2 Uplinks.
auf dem Main-Uplink haben wir eingestellt dass wenn dieser ausfällt dann sollte auf den 2ten Uplink umschalten - leider funktioniert das nicht so wie gewünscht... sobald wir den ersten Uplink ausstecken wird nicht auf den zweiten umgeschaltet - bzw. es dauert lange bis das "umschaltet"
muss man noch irgendwo anderes eine Einstellung vornehmen dass das funktioniert?
danke für evtl. Hilfe

klaun

Hello,

Im seeing this in the system logs after starting snort, how would you go about resolving this issue? Here is the list of flowbits not checked.

   2021-08-29 13:51:31   snort (12132) +++++++++++++++++++++++++++++++++++++++++++++++++++
System   2021-08-29 13:51:31   snort (12132) Initializing rule chains...
System   2021-08-29 13:51:31   snort (12132) /var/signatures/snort/processed/auto/3coresec.rules(7) threshold (in rule) is deprecated; use detection_filter instead.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Tesch" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.koobfacecheck" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.HTA.Download" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.applephish" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.DROPIP" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "et.GENOME.AV" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.zipfile" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.IRC.BOT.CntSOCPU" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.gz" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Multimedia.Download" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET..in.http" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Anunanak.HTTP.1" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ETPRO.Microsoft.Excel" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.MP4.Download" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.docx" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ETPRO.njratgeneric" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.genericphish_Tesco" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.Cryptocurrency_Phish" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.SecondaryFlash.Req" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.rar" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "ET.TorIP" is set but not ever checked.
System   2021-08-29 13:51:34   snort (12132) flowbits key "http.dottedquadhost.vbs" is set but not ever checked.