[Snort-users] Optimizing Linux Kernel for Snort & Hardware

Edin Dizdarevic edin.dizdarevic at ...7509...
Fri Jul 4 14:13:12 EDT 2003


Well I'm afraid that is simply not possible because of the different network
environments. It depends very much on your clients and servers. Even on if you
use Apache or IIS. Don't forget that the greatest impact on the Snort
performance is still depending on how many rules you have. And that is great, at
the end.

You will never be able to say that much traffic == that much Snort. You can't
even predict such things with "simple static webservers" properly, can you?
You simply have to test the things and watch for packet drops and then react.

Regards,

Edin




Miguel Rosales wrote:
> Somebody knows the criteria that were due to consider to determine the
> proportions the necessary hardware for different scenes where it is desired
> to use snort. Something that it relates for example the number of hosts in
> my $HOME_NET respect to the memory or necessary processor.
> 
> TIA.
> 
> // Miguel
> 
> 
> 
> 
> |---------+---------------------------------------->
> |         |           Edin Dizdarevic              |
> |         |           <edin.dizdarevic at ...9607...|
> |         |           Systems.de>                  |
> |         |           Sent by:                     |
> |         |           snort-users-admin at ...635...|
> |         |           eforge.net                   |
> |         |                                        |
> |         |                                        |
> |         |           04-07-2003 15:07             |
> |         |           Please respond to            |
> |         |           edin.dizdarevic              |
> |         |                                        |
> |---------+---------------------------------------->
>   >-----------------------------------------------------------------------------------------------------|
>   |                                                                                                     |
>   |       To:       Sam Evans <sam at ...5202...>                                                       |
>   |       cc:       snort <snort-users at lists.sourceforge.net>                                           |
>   |       Subject:  Re: [Snort-users] Optimizing Linux Kernel for Snort                                 |
>   >-----------------------------------------------------------------------------------------------------|
> 
> 
> 
> 
> 
> 
> Sam Evans wrote:
> 
>>Greetings All, and Happy Fourth of July to all the US Readers out there.
>>:)
>>
>>I've got a question regarding optimizing a Linux 2.4.18 Kernel to get
>>the best performance for snort.  Does anyone have any tips?
> 
> 
> Yeah, use OpenBSD ;)
> 
> just kidding, but don't forget this
> 
> <*> Packet socket
> [*]   Packet socket: mmapped IO
> 
> See the postings with topics like "Snort dropping packets..."
> 
> and using A LOT of memory is the best thing to do.
> 
> Have fun,
> 
> Edin
> 
> 
>>Thanks,
>>Sam
>>
> 
> 
> --
> Edin Dizdarevic
> 
-- 
Edin Dizdarevic





More information about the Snort-users mailing list