[Snort-users] Questions/Suggestion: Which data to put in the

Pablo d Angelo redman at ...284...
Tue Aug 8 14:00:47 EDT 2000


On Mon, 07 Aug 2000, Jed Pickel wrote:

> Thanks for the comments Geoff. So I guess we are still not at any sort
> of consensus on this issue. :( I got a mail this morning from someone
> doing some performance testing (hi Pablo - in case he is reading this
> list) to see which way works the best. If he does not mail the list
> directly I will keep you posted if there are any results.

I'm on the list, but I'm on holiday and don't have access
to my normal computer in the next weeks or so. Sorry.
One short test I have done shows a very small performance gain
with using a 32-bit IP address.

I attached two Perl scripts I used to test.
The queries have been taken from a PHP frontend I started to develop.

The ip_dst and ip_src fields are INTs (don't forget to
set an index on them)

ciao
  Pablo
--
http://wurm.wohnheim.uni-ulm.de/~redman/
Please use PGP
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort_one.pl
Type: application/x-perl
Size: 1580 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20000808/dcba2d75/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort_split.pl
Type: application/x-perl
Size: 1760 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20000808/dcba2d75/attachment-0001.bin>

