[Snort-users] CPU and RAM planning tool

Sallee, Stephen (Jake) Jake.Sallee at ...15646...
Sat Mar 9 23:36:27 EST 2013


Does a tool exist that one can use to size the CPU and RAM requirements for a given usage scenario?

I understand that the amount of both CPU and RAM is very dependent on a few factors such as:

Number of rules to execute
The complexity of the rules used
Link utilization
Processor speed
... and several others

But it seems that given a few inputs one could make a fairly accurate assessment of the necessary hardware if only a few variables were known.

For example:  What kind of server would I need to inspect 100Mb/sec of traffic using a minimal rule set? What about the HW I would need to do the same with the default rule set. ( I know, tuning your snort server is VERY important.)

If one could measure how many CPU cycles it takes to run a single packet through the minimal or default rule set then the rest of this calculation becomes simple in so far as the CPU is concerned.

Memory is so cheap these days that it you can just throw memory at the problem until the problem goes away, unless you are virtualizing then memory/CPU allocation is the name of the game.

If no tool is available I would be interested in developing one if the community thinks it is a useful endeavor.

I am new to snort, and a tool like this would be VERY helpful to me as a newcomer.  What do you guys think?

Jake Sallee
Godfather of Bandwidth
Network Engineer
University of Mary Hardin-Baylor

900 College St.
Belton, Texas
76513

Fone: 254-295-4658
Phax: 254-295-4221




More information about the Snort-users mailing list