[Snort-users] Snort++ Student Project

Shawn M Venti sv2 at ...17844...
Sun May 7 12:08:23 EDT 2017


I have been running in inline mode using the afpacket DAQ. I have also tested with the fanout (kernal loadbalancing) features turned on which does seem to equalize any load I am seeing across the cores however average throughput doesn’t increase at all.

> On May 7, 2017, at 6:06 AM, Russ <rucombs at ...589...> wrote:
> 
> There are many things to look at when tuning and tweaking your conf but generally they are necessary when CPU and/or RAM are maxed out. In your case you should probably start by looking at the DAQ.  What DAQ are you using?
> 
> On 5/7/17 12:17 AM, Shawn M Venti wrote:
>> Hi Joel,
>> 
>> Thanks for the reply. That would have been my original thought also however monitoring the current performance of the board while running a throughout test shows the CPU and RAM barley being used.
>> 
>> Any other thoughts?
>> 
>> Shawn
>> 
>> Sent from my iPhone
>> 
>>> On May 6, 2017, at 9:27 PM, Joel Esler (jesler) <jesler at ...589...> wrote:
>>> 
>>> Simply put, you may not have enough CPU or RAM to do that speed.
>>> 
>>> --
>>> Sent from my iPhone
>>> 
>>>> On May 6, 2017, at 21:17, Shawn M Venti <sv2 at ...17844...> wrote:
>>>> 
>>>> Hi Everyone,
>>>> 
>>>> I am very new to Snort and the community so hopefully this question is going in the correct place. If not could someone direct me in the right direction it would be much appreciated.
>>>> 
>>>> Currently I am working on a student security project that Snort++ (3.0.0-a4) is a part of. I’m attempting to run this on a smaller single board PC made my PC Engine. Please see the specs here:
>>>> 
>>>> - AMD Embedded G series GX-412TC , 1 GHz quad core
>>>> - 4 GB DDR-1333
>>>> - 3x i210AT LAN
>>>> 
>>>> I have successfully built and installed Snort++ on this system but the trouble I am having is horrible throughput (~20 MBits/sec) on a 100MBits/sec channel. The only modification that I have made to the default configuration is whats needed to run in inline mode.
>>>> 
>>>> Any suggestions to get my throughput up?
>>>> 
>>>> Thank you,
>>>> Shawn
>>>> ------------------------------------------------------------------------------
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>>> _______________________________________________
>>>> Snort-users mailing list
>>>> Snort-users at lists.sourceforge.net
>>>> Go to this URL to change user options or unsubscribe:
>>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>>> Snort-users list archive:
>>>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>>> 
>>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>> ------------------------------------------------------------------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>> 
>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
> 



More information about the Snort-users mailing list