[Snort-users] network bandwidth downs when snort inline is up
Victor Julien
lists at ...14129...
Wed Oct 10 08:20:10 EDT 2007
Matt Jonkman wrote:
> What are you using to test bandwidth?
>
> If you're using one of the common online bandwidth testers, those are
> most often based on latency seen.
>
> Will and Victor, wouldn't the clam preproc cause some latency jitter?
>
The processing time of the packets gets a lot higher. The time spent
will depend on the packet size, content of the payload and of course the
system load. So yeah I expect there to be larger latency fluctuations...
Cheers,
Victor
> Matt
>
>
> carlopmart wrote:
>
>> Victor Julien wrote:
>>
>>> carlopmart wrote:
>>>
>>>> Victor Julien wrote:
>>>>
>>>>
>>>>> carlopmart wrote:
>>>>>
>>>>>
>>>>>> Victor Julien wrote:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> carlopmart wrote:
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>> Yes: norm_wscale_max 14
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> This should be ok. Can you paste your entire stream4 config?
>>>>>>>
>>>>>>> It doesn't have to be a stream4inline issue though. The number of sigs,
>>>>>>> preprocessors, etc. can also slow things down. Especially the clamav
>>>>>>> preproc.
>>>>>>>
>>>>>>> Regards,
>>>>>>> Victor
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>> I think that the problem is the clamav preprocessor too, but I didn't
>>>>>> hope that it was so slow ...
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>> What hardware are you using?
>>>>>
>>>>>
>>>> My server is a P4 HT 3.2GHz with 1GB of RAM ...
>>>>
>>>>
>>> Normally this hardware should be able to keep up with the connection
>>> even with clamav enabled. I think this hardware should be able to handle
>>> about 10 to 15mbit/s with clamav, although it depends on what else the
>>> box is doing of course. To be sure, could you try to disable clamav and
>>> try again?
>>>
>>> Cheers,
>>> Victor
>>>
>>>
>> I have tried this Victor, and without clamav preprocessor all works as
>> expected: bandwidth returns to 310 Kb/s ....
>>
>>
>
>