[Snort-users] Low Snort performances

todb at ...11422... todb at ...11422...
Mon Apr 19 06:23:05 EDT 2004

Bob Walder wrote:

> We were using a dual P4 box with a server-class chipset, 2GB RAM and
> Intel NICs. [...] I can say that one of the main differences between our
> test rig and your sensor is that we used FreeBSD for the underlying OS.

I haven't seen many reports of Snort successfully running on *BSD with
SMP. I don't follow the BSDs very closely, but I know SMP support fairly
new (1 year?) in FreeBSD.... Googling... yep. http://www.freebsd.org/smp/
. Well, that makes me happy.

The lack of reliable BSD multiprocessor support has been The Reason I've
been advocating Snort (and other things) on Linux lately. I may have to
change my tune.

While I'm posting, I may as well ask (I've hunted around in the archives,
but I couldn't find a definitive answer): Does anyone have handy some
benchmark results for Snort on various architectures? I'm primarily
interested in hearing about lab/real world experiences with Snort's
maximum network loads, depending on architecture -- both the sensor and
whatever backend processing (acid etc). I can't find much about Snort and
gigabit loads, aside from the fact that Sourcefire sells a gigabit IDS

Tod Beardsley | planb-security.net

More information about the Snort-users mailing list