[Snort-users] "Making Snort go fast under Linux..."

Edward Bjarte Fjellskål edward.fjellskal at ...14590...
Wed Feb 24 12:26:15 EST 2010


Randal T. Rioux wrote:
> On Wed, February 24, 2010 9:02 am, Edward Bjarte Fjellskål wrote:
>> During the years, I have tried to gather some notes
>> on what can help "Snort go faster".
>>
>> I summed it up in a blog post:
>> http://www.gamelinux.org/?p=81
>>
>> If anyone here has any comments/improvements/tips etc,
>> I would be happy to hear about them, and include them
>> in my post for future reference.
> 
> Nice job, some really great pointers. Gave me an idea.

Thanks :)

> You mentioned performance may be enhanced by using different
> compilers/flags. I'm going to run some tests using different setups (OS,
> compiler collection, etc). Can anybody suggest an ideal way to beat the
> Hell out of a Snort box?
> 
> I'd like to analyze as large a dataset as possible containing a large
> amount of detectable malware/sig triggers. Something that can sustain 1Gb
> of traffic for approx. five minutes. I have the storage, systems and
> bandwidth in my lab to do fiber, copper, multiple platforms and operating
> systems.

First thing that comes to mind:
http://www.breakingpointsystems.com/
Though I have no experience with the product, I'm just aware of it :)

When I do testing, I usually have homemade pcaps, and replay them
with tcpreplay and/or even daemonlogger.

tcpreplay has some nice features on how fast you want to replay
the traffic.

> 
> This will be fun.

Enjoy :)

> Thanks!
> Randy