[Snort-users] Snort on linux, under VMWare ESX
bmc at ...950...
Sun Oct 10 18:47:03 EDT 2004
On Oct 7, 2004, at 6:09 PM, Eric Hines wrote:
> We run Snort with Applied Watch in VMWare Server and Workstation on a
> routine basis and have had other customers do so in a production
> environment. I actually just did a deployment of our software with
> Snort on
> a VMWare GSX Server on a GiGE link and we have not seen any
> degradation in
> performance of Snort. Vmware is a beautiful thing :)
OK, I'll buy it. You deployed Snort inside of VMWare on a gige link.
Was the gige link anywhere NEAR utilized? Even with highly tuned OSs
and excellent hardware, there is much "fiddling of the knobs" needed to
get Snort to handle line-rate gige. VMWare is going to be slower than
running the OS natively. There is no way around that.
With so many people struggling to get Snort deployed in high bandwidth
environments, it is shocking that you suggest that snort inside of
vmware for production deployments.
I guess running snort, inside a virtual operating system, along side
your analysis console, running inside a virtual machine running inside
a virtual operating system, performance numbers are virtually virtuous.
More information about the Snort-users