[Snort-users] Performance questions

John Sage jsage at ...2022...
Fri Jan 18 18:23:02 EST 2002


hmm..

Linux-type, ab-so-lute-ly, but I have no experience with traffic of that 
volume: my little petri dish is a Pentium 150 behind a 56k modem...

(Hey! somebody's gotta do dialup!)

- John

-- 
The web page you seek
cannot be found here:
countless others await



Erek Adams wrote:

> On Fri, 18 Jan 2002, Lucas de Carvalho Ferreira - BMS wrote:
> 
> 
>>I am trying to monitor a high traffic 100Mbs switch port with snort on a 433
>>MHz Celeron machine running Red Hat 7.2 but snort is dropping about 10% of
>>the packets, even if the CPU load is at an average of 70% (seen with top).
>>Are there any configuration tips for snort or for the Linux kernel to get
>>better performance? Could it be an I/O performance problem?
>>
> 
> Ummm...  Lucas, that's a bit of a small box for that kind of load.  Have a
> look at this snipped email from Marty to the snort-users list from earlier
> last year.
> 
> http://www.theadamsfamily.net/~erek/snort/perf.txt
> 
> If you want to see the whole email, it's archived at:
> http://marc.theaimsgroup.com/?l=snort-users&m=100208652925991&w=2
> 
> For Linux-specific tips, do some archive searching.  I don't run Linux so I've
> not any useful info on it.  Check the archives for posts from Abe Getchell,
> Phil Wood, and John Sage.  Off the top of my head, those guys leap to mind as
> Linux-type folks.  :)
> 
> Good luck!
> 
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net





