[Snort-users] network bandwidth downs when snort inoine is up

carlopmart carlopmart at ...11827...
Wed Oct 10 04:31:13 EDT 2007


Matt Jonkman wrote:
> What are you using to test bandwidth?
> 
> If you're using one of the common online bandwidth testers, those are
> most often based on latency seen.
> 
> Will and Victor, wouldn't the clam preproc cause some latency jitter?
> 
> Matt
> 
> 
> carlopmart wrote:
>> Victor Julien wrote:
>>> carlopmart wrote:
>>>> Victor Julien wrote:
>>>>   
>>>>> carlopmart wrote:
>>>>>     
>>>>>> Victor Julien wrote:
>>>>>>   
>>>>>>       
>>>>>>> carlopmart wrote:
>>>>>>>     
>>>>>>>         
>>>>>>>> Yes: norm_wscale_max 14
>>>>>>>>   
>>>>>>>>       
>>>>>>>>           
>>>>>>> This should be ok. Can you past your entire stream4 config?
>>>>>>>
>>>>>>> It doesn't have to be a stream4inline issue though. The number of sigs,
>>>>>>> preprocessors, etc. can also slow things down. Especially the clamav
>>>>>>> preproc.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Victor
>>>>>>>     
>>>>>>>         
>>>>>> I think that the problem is the clamav preprocessor too, but I didn't 
>>>>>> hope that it was so slow ...
>>>>>>
>>>>>>   
>>>>>>       
>>>>> What hardware are you using?
>>>>>     
>>>> My is server is a P4 HT 3.2GHz with 1GB of RAM ...
>>>>   
>>> Normally this hardware should be able to keep up with the connection
>>> even with clamav enabled. I think this hardware should be able to handle
>>> about 10 to 15mbit/s with clamav, although it depends on what else the
>>> box is doing of course. To be sure, could you try to disable clamav and
>>> try again?
>>>
>>> Cheers,
>>> Victor
>>>
>> I have tried this Victor, and without clamav preprocessor all works as 
>> expected: bandwidth returns to 310 Kb/s ....
>>
> 

I have do it a very simple test: download a file from here: 
http://trumpetti.atm.tut.fi/debian-cd/4.0_r1/i386/iso-cd/debian-40r1-i386-netinst.iso

-- 
CL Martinez
carlopmart {at} gmail {d0t} com




More information about the Snort-users mailing list