[Snort-users] Snort-Inline, IPTables and Performance
mlinton at ...10499...
Wed Aug 24 10:39:08 EDT 2005
If anyone has the time to chat performance, I'm seeing some quite
problematic performance throttling when using snort-inline with
iptables, and I've been able to get much better performance previously.
My build is: Red Hat Workstation 4 (Linux 2.6.9-5ELsmp) on a Dell
PowerEdge 1650 with dual Broadcom gigabit adapters. I'm using Snort
version 2.3.0 and pushing things through a QUEUE iptables directive to
do inline IPS.
Without the snort-inline box in place, I can attain about 2.5Mb/sec
downloads on my line. With it in place, I'm stuck at about 300kb/sec.
I currently log to MySQL (ACID), but disabling MySQL, offloading it to
other machines and kicking up the memcap for stream4 (from 8 megs to
256) have made no difference so far.
The server load is about 0.01 and I'm not seeing it struggle at all --
has anyone else done performance tuning on snort to this degree? Are
there some iptables directives I can use to improve performance?
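The QUEUE target the post describes hands every matching packet to the ip_queue kernel module, which holds a bounded queue for the userspace reader; when snort-inline cannot drain it fast enough the kernel drops packets silently, and throughput collapses while CPU load stays near zero, exactly the symptom above. As an added example (not code from the post or from the Snort project), the POSIX sh check below parses the module's status file and reports whether the queue is saturated or dropping. It assumes the /proc/net/ip_queue field layout and the net.ipv4.ip_queue_maxlen sysctl of the 2.6 ip_queue module; the sample status text is constructed.

```shell
#!/bin/sh
# ipq_check [status_file]
# Parses /proc/net/ip_queue (or the file given) and prints one summary line:
#   pid=<reader> length=<n> max=<n> dropped=<n> netlink_dropped=<n> status=<s>
# status is ok, no-listener (nothing reading the queue), saturated (queue full)
# or dropping (kernel or netlink drop counters are non-zero).
# Exit code: 0 when ok, 1 otherwise, 2 if the file is unreadable.
ipq_check() {
    f="${1:-/proc/net/ip_queue}"
    [ -r "$f" ] || { echo "cannot read $f (is ip_queue loaded?)" >&2; return 2; }
    awk -F': *' '
        /^Peer PID/          { pid   = $2 }
        /^Queue length/      { len   = $2 }
        /^Queue max. length/ { max   = $2 }
        /^Queue dropped/     { drop  = $2 }
        /^Netlink dropped/   { ndrop = $2 }
        END {
            status = "ok"
            if (pid == 0)                    status = "no-listener"
            else if (drop > 0 || ndrop > 0)  status = "dropping"
            else if (max > 0 && len >= max)  status = "saturated"
            printf "pid=%d length=%d max=%d dropped=%d netlink_dropped=%d status=%s\n",
                   pid, len, max, drop, ndrop, status
            exit (status == "ok") ? 0 : 1
        }' "$f"
}

# Constructed sample (not captured from a real box): a queue that has filled
# its default 1024-packet limit and already dropped 37 packets.
ipq_sample_dropping() {
    printf 'Peer PID          : 4242\nCopy mode         : 2\nCopy range        : 1500\n'
    printf 'Queue length      : 1024\nQueue max. length : 1024\n'
    printf 'Queue dropped     : 37\nNetlink dropped   : 0\n'
}

# Constructed healthy sample: a reader attached, queue mostly empty, no drops.
ipq_sample_ok() {
    printf 'Peer PID          : 4242\nCopy mode         : 2\nCopy range        : 1500\n'
    printf 'Queue length      : 3\nQueue max. length : 1024\n'
    printf 'Queue dropped     : 0\nNetlink dropped   : 0\n'
}

# Demo on the constructed sample. On a live box run: ipq_check
# If it reports dropping or saturated, the queue limit can be raised with
#   sysctl -w net.ipv4.ip_queue_maxlen=8192      (assumed sysctl name)
# which buys headroom but does not fix a reader that is too slow.
tmp=$(mktemp)
ipq_sample_dropping > "$tmp"
ipq_check "$tmp" || echo "queue drops detected: raise ip_queue_maxlen or speed up the reader" >&2
rm -f "$tmp"
```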