[Snort-users] Low Snort performances

Bob Walder bwalder at ...1926...
Mon Apr 19 06:59:03 EDT 2004

I am pretty sure SMP support has been around in FreeBSD for longer than
that - I think BSD was later. That was one of the reasons we first tried
it out. Had nothing but good results from it in our labs - very
reliable. YMMV, of course.....

We have not managed to test a Gigabit Snort appliance as yet.



>> -----Original Message-----
>> From: todb at ...11422... [mailto:todb at ...11422...] 
>> Sent: 19 April 2004 15:23
>> To: bwalder at ...1926...
>> Cc: snort-users at lists.sourceforge.net
>> Subject: RE: [Snort-users] Low Snort performances
>> Bob Walder wrote:
>> > We were using a dual P4 box with a server-class chipset, 
>> 2GB RAM and 
>> > Intel NICs. [...] I can say that one of the main 
>> differences between 
>> > our test rig and your sensor is that we used FreeBSD for the 
>> > underlying OS.
>> I haven't seen many reports of Snort successfully running on 
>> *BSD with SMP. I don't follow the BSDs very closely, but I 
>> know SMP support fairly new (1 year?) in FreeBSD.... 
>> Googling... yep. http://www.freebsd.org/smp/ . Well, that 
>> makes me happy.
>> The lack of reliable BSD multiprocessor support has been The 
>> Reason I've been advocating Snort (and other things) on 
>> Linux lately. I may have to change my tune.
>> While I'm posting, I may as well ask (I've hunted around in 
>> the archives, but I couldn't find a definitive answer): Does 
>> anyone have handy some benchmark results for Snort on 
>> various architectures? I'm primarily interested in hearing 
>> about lab/real world experiences with Snort's maximum 
>> network loads, depending on architecture -- both the sensor 
>> and whatever backend processing (acid etc). I can't find 
>> much about Snort and gigabit loads, aside from the fact that 
>> Sourcefire sells a gigabit IDS toaster.
>> -- 
>> Tod Beardsley | planb-security.net

More information about the Snort-users mailing list