[Snort-users] performance related question
zach.forsyth at ...6337...
Mon Aug 12 20:20:02 EDT 2002
Just wanted to ask what hardware most people are running on?
I have a Celeron 400, win2k, latest stable snort, ACID, mysql, etc. and
seem to be dropping a lot of traffic.
The snort box is connected to a 10mb hub and captures all traffic.
These are the statistics I get if I run snort under a command prompt and
then ctrl-C it:
Snort analyzed 117056 out of 209072 packets, The kernel dropped
Does this mean I am dropping 42% of all packets? Or are these the
packets that are meeting the rules and being processed by snort?
Also I wanted to ask whether people are using alert or log mode?
I seem to have a lot more alerts captured into ACID with alert mode.
I am about to change over to RH 7.3 but will have similar hardware. Is a
Celeron 400 capable of running on a fairly saturated 10mb link?
thanks in advance