[Snort-users] Snort and high performance networks

Chris Rapier rapier at ...11836...
Thu May 20 12:17:07 EDT 2004


Woah, rock on! This exactly what I was hoping for! Any chance you can 
send me specs for the box? I think they already bought one but it would 
be nice to know how it measures up.

Kreimendahl, Chad J wrote:
> FWIW... I've got systems that are easily handling between 3-4Gbps each.
> That's partially hardware, partially OS, and a little tiny config work.
> Very near to all rules enabled on these interfaces, as well as all of
> the preprocessors (minus the broken ones), and a database output plugin.
> 
> 0 dropped packets.   If you check the archives for this list, you'll
> find discussions about kernels that can do polling against network
> devices, and how this enhances snort performance on high speed links
> (network performance in general, really).  I believe I mention the OSes,
> maybe some config info and hardware used. 
> 
> If it's of any value, the machine I'm talking about above (handling
> 3Gbps) cost around $2500 (not sure if that's retail).






More information about the Snort-users mailing list