[Snort-users] performance related question

Zach Forsyth zach.forsyth at ...6337...
Mon Aug 12 20:20:02 EDT 2002


Hi there,
 
Just wanted to ask what hardware most people are running on?
I have a Celeron 400, win2k, latest stable snort, ACID, mysql, etc. and
seem to be dropping a lot of traffic. 
The snort box is connected to a 10mb hub and captures all traffic
flowing past.
These are the statistics I get if I run snort under a command prompt and
then ctrl-C it:
 
Snort analyzed 117056 out of 209072 packets, The kernel dropped
88722(42.436%) packets.
 
Does this mean I am dropping 42% of all packets? Or are these the
packets that are meeting the rules and being processed by snort?
 
Also I wanted to ask whether people are using alert or log mode?
I seem to have a lot more alerts captured into ACID with alert mode. 
 
I am about to change over to RH 7.3 but will have similar hardware. Is a
Celeron 400 capable of running on a fairly saturated 10mb link?
 
Thanks in advance
 
Zach



