[Snort-users] CPU and RAM planning tool

Joel Esler jesler at ...1935...
Sun Mar 10 09:52:28 EDT 2013


On Mar 9, 2013, at 11:36 PM, "Sallee, Stephen (Jake)" <Jake.Sallee at ...15648......> wrote:

> Does a tool exist that one can use to size the CPU and RAM requirements for a given usage scenario?
> 
> I understand that the amount of both CPU and RAM is very dependent on a few factors such as:
> 
> Number of rules to execute
> The complexity of the rules used
> Link utilization
> Processor speed
> ... and several others
> 
> But it seems that given a few inputs one could make a fairly accurate assessment of the necessary hardware if only a few variables were known.
> 
> For example:  What kind of server would I need to inspect 100Mb/sec of traffic using a minimal rule set? What about the HW I would need to do the same with the default rule set. ( I know, tuning your snort server is VERY important.)
> 
> If one could measure how many CPU cycles it takes to run a single packet through the minimal or default rule set then the rest of this calculation becomes simple in so far as the CPU is concerned.
> 
> Memory is so cheap these days that it you can just throw memory at the problem until the problem goes away, unless you are virtualizing then memory/CPU allocation is the name of the game.
> 
> If no tool is available I would be interested in developing one if the community thinks it is a useful endeavor.
> 
> I am new to snort, and a tool like this would be VERY helpful to me as a newcomer.  What do you guys think?

As far as I know, no tool exists like that, and yes, it would be very useful, and it wouldn't be hard and fast, it would be a very loose estimate.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130310/836bf5df/attachment.html>


More information about the Snort-users mailing list