[Snort-users] Snort Performance Issues

Erek Adams erek at ...577...
Thu Jan 31 23:21:03 EST 2002

On Fri, 1 Feb 2002, Abe L. Getchell wrote:

> Good evening!

*sigh*  All these damned Yankee's thinking it's evening, when it's "night".


> Snort runs the best on Linux, Red Hat Linux 7.2 specifically.  Everyone
> here will agree with this, especially Erek Adams. ;-)  No, I'm kidding!
> I'm kidding!

*cough*cough*cough*   Do I read my name being taken in vain?  Jeesh, those
Kentucky folks win one basketball game and they think they are special.
*ducks and runs*


> We've discussed this _many_ times on the list, and the best thing to do is
> probably search through the Snort-Users list archives located at:
> http://www.geocrawler.com/lists/3/SourceForge/4890/0/

Yeppers, Abe continues to try to beat me into the Linux submission mold, and I
just won't let him!  :)  Seriously...  To sum up a _LONG_ thread, run what you
know.  If that's NetBSD on a ColecoVision, then fine!  Just as long as you
know the OS and underlying hardware, you should be golden!

> Also, for general IDS performance information, a good place to check is
> the SecurityFocus Focus-IDS list archives at:
> http://www.securityfocus.com/archive/96

Very good resource!  Bookmark it!  I'd suggest having a read on the following:


And the full version at:


Those are two pointer to an email that Marty sent out, which IMHO really
explains WTF you need for a serious 'snort box'.  I would suggest reading
one/both of thsoe and then following those suggestions.

I'll say this:  It doesn't hurt to take the authors advice on a 'how-to'
issue!  :)

Hope that helps!

Erek Adams

More information about the Snort-users mailing list