[Snort-users] SnortSnarf performance
hoagland at ...47...
Fri Mar 30 14:14:09 EST 2001
At 9:59 AM +0530 3/29/01, Siddhartha Jain wrote:
>I don't run out of memory or CPU. With a 12 MB alert file, i get a footprint
>of 64 MB (thru' top) and with about 80 MB of alert, i get 220 MB and upto
>60% CPU utilization. The problem is it takes a hell long as the alert file
>grows. Ofcourse, i see no swapping with 1 GB RAM.
I haven't studied memory and CPU utilization as the number of alerts
input grows. Might be interesting; it would vary somewhat with the
distribution of signatures and IPs in the input. CPU is probably
slightly superlinear. Probably makes sense to wait for modularized
>Isn't DNS lookup turned off by default and you have to throw a switch to
>turn it on?
That is correct.
|* Jim Hoagland, Associate Researcher, Silicon Defense *|
|* hoagland at ...47... *|
|* http://www.silicondefense.com/ *|
|* Silicon Defense - Technical Support for Snort *|
|* Voice: (530) 756-7317 Fax: (530) 756-7297 *|
More information about the Snort-users