[Snort-users] Snort + PF_RING + DAQ

Peter Bates peter.bates at ...15381...
Tue Sep 4 10:15:05 EDT 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


Hello all

I'd actually be interested in anyone's Snort tuning suggestions
because I'm running Snort + PF_RING pretty much as per the Metaflows
10Gb instructions and still dropping traffic - this is with 1-2Gbps
and about 1000 rules.

Following the Metaflows route I was running 32 instances of Snort (and
32 x Barnyards) and the results were not encouraging.

And before Joel says it, I do know you have a SF box you could sell me ;)

- -- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division	    Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (MingW32)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQEcBAEBAgAGBQJQRgzpAAoJELhVoVpEMS6RFq4IAJvw+PLuCrPr536b/eQgU63+
mcvsJLUVkt3cX9gMhqeWpolpCmqptgbqG9+hE52vvWmzuIQUC0YUEWeqsRa/hk46
lYL+QGJoUx+LmUFM3gMfCq84GQLwUd4NN2TRBsjPoUvze6YMFmOuAI5DlPCn2Jw9
bzZxQmNtufQyMI8jBefa/RsoU20gBgfKP3J7d5f8usOwRjJ9X/XmZ3eHoJn7bObg
cRk+sTJiaLijsWCDHWGrkN9dbED3b5tBofJvafZhAlCHIg+zGQtaeVxmRwZeNjAD
2EXwTSxka1hImKs+dtkvmTrvZHz8Wg+ktqBVbzcB7j24lDpl4jVJq+8XlKqXbB8=
=D/lX
-----END PGP SIGNATURE-----





More information about the Snort-users mailing list