[Snort-users] "Making Snort go fast under Linux..."
Randal T. Rioux
randy at ...13561...
Wed Feb 24 11:40:41 EST 2010
On Wed, February 24, 2010 9:02 am, Edward Bjarte Fjellskål wrote:
> During the years, I have tried to gather some notes
> on what can help "Snort go faster".
> I summed it up in a blog post:
> If anyone here has any comments/improvements/tips etc,
> I would be happy to hear about them, and include them
> in my post for future reference.
Nice job, some really great pointers. Gave me an idea.
You mentioned performance may be enhanced by using different
compilers/flags. I'm going to run some tests using different setups (OS,
compiler collection, etc). Can anybody suggest an ideal way to beat the
Hell out of a Snort box?
I'd like to analyze as large a dataset as possible containing a large
amount of detectable malware/sig triggers. Something that can sustain 1Gb
of traffic for approx. five minutes. I have the storage, systems and
bandwidth in my lab to do fiber, copper, multiple platforms and operating
This will be fun.
More information about the Snort-users