[Snort-users] Snort on linux, under VMWare ESX

Brian caswell bmc at ...950...
Sun Oct 10 18:47:03 EDT 2004


On Oct 7, 2004, at 6:09 PM, Eric Hines wrote:
> We run Snort with Applied Watch in VMWare Server and Workstation on a
> routine basis and have had other customers do so in a production
> environment. I actually just did a deployment of our software with 
> Snort on
> a VMWare GSX Server on a GiGE link and we have not seen any 
> degradation in
> performance of Snort. Vmware is a beautiful thing :)

OK, I'll buy it.  You deployed Snort inside of VMWare on a gige link.  
Was the gige link anywhere NEAR utilized?  Even with highly tuned OSs 
and excellent hardware, there is much "fiddling of the knobs" needed to 
get Snort to handle line-rate gige.  VMWare is going to be slower than 
running the OS natively.  There is no way around that.

With so many people struggling to get Snort deployed in high bandwidth 
environments, it is shocking that you suggest that snort inside of 
vmware for production deployments.

I guess running snort, inside a virtual operating system, along side 
your analysis console, running inside a virtual machine running inside 
a virtual operating system, performance numbers are virtually virtuous.

Brian





More information about the Snort-users mailing list