[Snort-users] "Making Snort go fast under Linux..."

Randal T. Rioux randy at ...13561...
Wed Feb 24 11:40:41 EST 2010


On Wed, February 24, 2010 9:02 am, Edward Bjarte Fjellskål wrote:
>
> During the years, I have tried to gather some notes
> on what can help "Snort go faster".
>
> I summed it up in a blog post:
> http://www.gamelinux.org/?p=81
>
> If anyone here has any comments/improvements/tips etc,
> I would be happy to hear about them, and include them
> in my post for future reference.

Nice job, some really great pointers. Gave me an idea.

You mentioned performance may be enhanced by using different
compilers/flags. I'm going to run some tests using different setups (OS,
compiler collection, etc). Can anybody suggest an ideal way to beat the
Hell out of a Snort box?

I'd like to analyze as large a dataset as possible containing a large
amount of detectable malware/sig triggers. Something that can sustain 1Gb
of traffic for approx. five minutes. I have the storage, systems and
bandwidth in my lab to do fiber, copper, multiple platforms and operating
systems.

This will be fun.

Thanks!
Randy






More information about the Snort-users mailing list