[Snort-devel] benchmarking snort
ntuck1 at ...1977...
Sun May 11 14:56:06 EDT 2003
Hi. I'm a new member to the list, but have been hacking on snort for
a little while.

My question is this. If I make changes to the pattern matching engine
and am interested in determining whether I have increased or decreased
performance, what is the recommended way of going about measuring

I've tried dumping sneeze output to a file and also using defcon
traces. However, it appears to me that snort performance in these two
cases is really bottlenecked by my disk bandwidth and logging output.

Thus far I have been benching snort with -b -A fast, but as I
mentioned, it still seems like most of the time spent is
non-pattern-matching overhead. Any other flags I should turn on?

What do other list members use for benchmarking pattern matching in
snort? Any advice accepted.

PS - Does anyone know why sneeze gets caught in an infinite loop on
quite a number of the rules files?