[Snort-users] Low Snort performances
bwalder at ...1926...
Mon Apr 19 06:59:03 EDT 2004
I am pretty sure SMP support has been around in FreeBSD for longer than
that - I think BSD was later. That was one of the reasons we first tried
it out. Had nothing but good results from it in our labs - very
reliable. YMMV, of course.....
We have not managed to test a Gigabit Snort appliance as yet.
>> -----Original Message-----
>> From: todb at ...11422... [mailto:todb at ...11422...]
>> Sent: 19 April 2004 15:23
>> To: bwalder at ...1926...
>> Cc: snort-users at lists.sourceforge.net
>> Subject: RE: [Snort-users] Low Snort performances
>> Bob Walder wrote:
>> > We were using a dual P4 box with a server-class chipset,
>> 2GB RAM and
>> > Intel NICs. [...] I can say that one of the main
>> differences between
>> > our test rig and your sensor is that we used FreeBSD for the
>> > underlying OS.
>> I haven't seen many reports of Snort successfully running on
>> *BSD with SMP. I don't follow the BSDs very closely, but I
>> know SMP support fairly new (1 year?) in FreeBSD....
>> Googling... yep. http://www.freebsd.org/smp/ . Well, that
>> makes me happy.
>> The lack of reliable BSD multiprocessor support has been The
>> Reason I've been advocating Snort (and other things) on
>> Linux lately. I may have to change my tune.
>> While I'm posting, I may as well ask (I've hunted around in
>> the archives, but I couldn't find a definitive answer): Does
>> anyone have handy some benchmark results for Snort on
>> various architectures? I'm primarily interested in hearing
>> about lab/real world experiences with Snort's maximum
>> network loads, depending on architecture -- both the sensor
>> and whatever backend processing (acid etc). I can't find
>> much about Snort and gigabit loads, aside from the fact that
>> Sourcefire sells a gigabit IDS toaster.
>> Tod Beardsley | planb-security.net
More information about the Snort-users