[Snort-users] CPU and RAM planning tool
Sallee, Stephen (Jake)
Jake.Sallee at ...15646...
Sun Mar 10 14:00:21 EDT 2013
>> As far as I know, no tool exists like that, and yes, it would be very useful, and it wouldn't be hard and fast, it would be a very loose estimate.
Thats a fair point, do you think it may be possible to get with in, say +/- 20% of reality?
A true test of performance can only be done with the actual hardware, that much is obvious. But, if it is possible to get within a statistical margin of reality that would be great.
Attempting to get perfect numbers would be a very daunting task. Bus speeds, bus architecture, CPU instruction sets ... compilation fags, gcc version ... aaaaand my head almost exploded just thinking about it. And thats just for the CPU <( ' o ')>
Godfather of Bandwidth
University of Mary Hardin-Baylor
900 College St.
From: Joel Esler [jesler at ...1935...]
Sent: Sunday, March 10, 2013 8:52 AM
To: Sallee, Stephen (Jake)
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] CPU and RAM planning tool
On Mar 9, 2013, at 11:36 PM, "Sallee, Stephen (Jake)" <Jake.Sallee at ...15648......> wrote:
a tool exist that one can use to size the CPU and RAM requirements for a given usage scenario?
understand that the amount of both CPU and RAM is very dependent on a few factors such as:
of rules to execute
complexity of the rules used
and several others
it seems that given a few inputs one could make a fairly accurate assessment of the necessary hardware if only a few variables were known.
example: What kind of server would I need to inspect 100Mb/sec of traffic using a minimal rule set? What about the HW I would need to do the same with the default rule set. ( I know, tuning your snort server is VERY important.)
one could measure how many CPU cycles it takes to run a single packet through the minimal or default rule set then the rest of this calculation becomes simple in so far as the CPU is concerned.
is so cheap these days that it you can just throw memory at the problem until the problem goes away, unless you are virtualizing then memory/CPU allocation is the name of the game.
no tool is available I would be interested in developing one if the community thinks it is a useful endeavor.
am new to snort, and a tool like this would be VERY helpful to me as a newcomer. What do you guys think?
As far as I know, no tool exists like that, and yes, it would be very useful, and it wouldn't be hard and fast, it would be a very loose estimate.
Senior Research Engineer, VRT
OpenSource Community Manager
More information about the Snort-users