[Snort-users] ACID / ALERT console browsing issue

Shekar Reddy shekar.reddy at ...10553...
Tue Nov 25 12:18:07 EST 2003


Hi,

I'm running SNORT 2.0.4 and ACID on Sun ULTRA 5 workstation with Solaris 9
O.S.

I'm experiencing SNORT / ACID performance problems on a live network. It
takes more than 120 seconds to move from one page to another while browsing
ACID console. Just wanted to know how to optimize. It was all OK in a test
environment. It used to take just 2 seconds to load the pages.

Here is SNORT hardware information:

Snort 1 (+ACID +snortcenter) : sun ultra 5 SPARC IIi 360MHz, 512 MB, 10GB
Snort2 sensor : sun ultra 5 SPARC IIi 360MHz, 512 MB, 10GB

Here's one more glitch: snort boxes are in datacenter and I'm trying to
browse ACID console from my work place through my VPN session to datacenter.


NOTE: I don't have any VPN latency issues for other applications. We have a
partial DS3 connection at our work place too. 

Here is an important NOTE: When I stop mirroring the traffic, I see
significant browsing performance.

Please let me know what is the bottleneck here. Acid main page itself will
take 120 seconds to download. How can I improve the ACID CONSOLE browsing
performance?

NOTE: I haven't tried browsing ACID directly from snort/ACID machine. I'll
try that and post it later. 

Any suggestions are appreciated...

Thanks
S










More information about the Snort-users mailing list