[Snort-users] Considering using snort

Joel Esler jesler at ...1935...
Fri Aug 21 10:22:40 EDT 2009

I'd encourage you to use the built in perfomance monitor in snort. You  
can find it's configuration in the snort.conf file.

Sent from my iPhone

On Aug 21, 2009, at 10:18 AM, "Mark W. Jeanmougin" <mark.jeanmougin at ...14628... 
 > wrote:

> Guy,
> There's only one answer to this question: "It depends"
> It depends on traffic load, application load, hardware spec's,
> acceptable overhead, rule set, and all kinds of things that I probably
> haven't even thought about.
> But, I think you've answered the question in you post.  If you've been
> running snort on your load balancer, and you're basically happy with
> performance, then it sounds like the performance impact is acceptable.
> If you want to get a good idea of the impact, you could setup a simple
> cron job to run a "top -n 1" every so often, then grep the results for
> snort.  This will tell you the amount of CPU time used by snort at
> various points throughout the day.
> It appears that my idea of a  "simple cron job" may differ from most
> people's.  If you need help setting that up, just let me know!  :)
> Happy Friday,
> MJ
> On 08/21/2009 05:52 AM, Guy wrote:
>> Hi,
>> One of our old boxes (set up by a previous sys admin) has snort on  
>> it.
>> It's about to be reinstalled, so before I include snort in the
>> reinstall I'd just like to find out one or two things.
>> The machine it's currently on is a load balancer, so most of our
>> traffic hits one of the load balancers before going on to other
>> servers. But, due to the way our hosting company provides machines,
>> all our other servers can be accessed directly from the internet,  
>> even
>> though we use the LAN for most data transfer.
>> What sort of load (CPU,RAM and I/O) does snort add to a server as  
>> some
>> of our servers already have fair load doing mail, mail scanning, etc?
>> I'm curious whether Snort would be usable on all our servers or would
>> be better to only have on the main entry points, the load balancers,
>> since they're not running heavy services.
>> Any other advice about this would be appreciated.
>> Thanks
>> Guy
> --- 
> --- 
> --- 
> ---------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008  
> 30-Day
> trial. Simplify your report design, integration and deployment - and  
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now.  http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

More information about the Snort-users mailing list