[Snort-users] Performance questions

Chris Green cmg at ...671...
Fri Jan 18 13:59:04 EST 2002


Lucas de Carvalho Ferreira - BMS <lucas.ferreira at ...4619...> writes:

> Hello, 
>
> I am trying to monitor a high traffic 100Mbs switch port with snort on a
> 433 MHz Celeron machine running Red Hat 7.2 but snort is dropping about
> 10% of the packets, even if the CPU load is at an average of 70% (seen
> with top). Are there any configuration tips for snort or for the Linux
> kernel to get better performance? Could it be an I/O performance
> problem? 

Disable unneeded rules, switch to fast + tcpdump logging instead of
full/database/xml/etc.

Need a lot more information on your current config to help you figure
out what needs to be done.


-- 
Chris Green <cmg at ...671...>
"Yeah, but you're taking the universe out of context."
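
The advice in the reply above, sketched as a snort.conf fragment. This is an added example, not part of the original message; the file names, database parameters and the choice of which ruleset to disable are assumptions.

```conf
# snort.conf (Snort 1.8-era syntax). File names, database parameters and
# the ruleset choices below are assumptions for illustration.

# Expensive outputs, commented out: each alert is fully formatted or
# written to a database/XML sink while packets are still arriving.
# output alert_full: alert.full
# output database: log, mysql, dbname=snort user=snort host=localhost
# output xml: log, file=/var/log/snort/snort.xml

# Cheaper replacements: one-line alerts plus raw packets in tcpdump
# (pcap) format, to be decoded offline instead of at capture time.
output alert_fast: alert.fast
output log_tcpdump: snort.log

# Disable rule files that do not apply to the monitored segment, for
# example IIS signatures where no IIS servers are present (assumed here).
# include web-iis.rules
include exploit.rules
include scan.rules

# Command-line equivalent of the two output lines:
#   snort -A fast -b -c snort.conf
```

The binary log written by `log_tcpdump` can be read back later with `snort -r` or `tcpdump -r`, so the packet detail is kept without paying for it during capture.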



