[Snort-devel] Performance results over snort 2.6.x ?

rmkml rmkml at ...879...
Sat Jan 13 16:35:52 EST 2007


thx for reply Marc,
I have realised little benchmark :

v2612 default use 303Mo memory and run during ~1m2s and 57308 alerts

v2612 with ac-bnfa use 72Mo memory and run during ~46s and 57308 alerts

v2612 with lowmem use 75Mo memory and run during ~50s and 57308 alerts

v245 default use 105Mo of memory and run during ~3minutes 14s and 57142 alerts

pcap file size is ~800Mo, all snort version use 100% cpu.
I have repeated all test 10 times on same host !

results: snort v2.6.1.2 with ac-bnfa algo is the best !!! (less memory and more fast !)

Best Regards
Rmkml



On Thu, 4 Jan 2007, Marc Norton wrote:

> Date: Thu, 04 Jan 2007 13:26:21 -0500
> From: Marc Norton <mnorton at ...402...>
> To: rmkml <rmkml at ...879...>
> Cc: Snort-devel at lists.sourceforge.net
> Subject: Re: [Snort-devel] Performance results over snort 2.6.x ?
> 
> 2.6 has more rules, it's not default yet, but will be so use search-method 
> ac-bnfa, it uses about the same memory as lowmem, but is faster, and more 
> resilieant to harsr traffic than lowmem.
>
> rmkml wrote:
>> Hi Snorter,
>> Anyone have tested gain performance with snort v2.6.x ?
>> (compared to snort v2.4.5)
>> Important Memory diff use on snort 26/24 :
>>   26 default use ~500Mo-600Mo (with my commercial rules,notVRT)
>>   26 search-method lowmem use ~<100Mo (same rules)
>>   24 default use ~<100Mo (same rules)
>> Regards
>> Rmkml
>> 
>> -------------------------------------------------------------------------
>> Take Surveys. Earn Cash. Influence the Future of IT
>> Join SourceForge.net's Techsay panel and you'll get the chance to share 
>> your
>> opinions on IT & business topics through brief surveys - and earn cash
>> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel at lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>>
>> 
>
>
> -- 
> Marc Norton      Snort Team Lead
> Sourcefire,Inc   410-423-1924
> www.snort.org    www.sourcefire.com 
>




More information about the Snort-devel mailing list