[Snort-users] Snort++ Student Project

Shawn M Venti sv2 at ...17844...
Sun May 14 21:07:18 EDT 2017


Still looking for some help if anyone has any suggestions. Thank You!

This is the ‘snort.lua’ configuration file that I am currently using. Hopefully this gives you a better idea of where I am stuck.

Let me know if I can provide any other information that might help.


On May 7, 2017, at 12:08 PM, Shawn M Venti <sv2 at ...17844...<mailto:sv2 at ...17844...>> wrote:

I have been running in inline mode using the afpacket DAQ. I have also tested with the fanout (kernal loadbalancing) features turned on which does seem to equalize any load I am seeing across the cores however average throughput doesn’t increase at all.

On May 7, 2017, at 6:06 AM, Russ <rucombs at ...589...<mailto:rucombs at ...589...>> wrote:

There are many things to look at when tuning and tweaking your conf but generally they are necessary when CPU and/or RAM are maxed out. In your case you should probably start by looking at the DAQ.  What DAQ are you using?

On 5/7/17 12:17 AM, Shawn M Venti wrote:
Hi Joel,

Thanks for the reply. That would have been my original thought also however monitoring the current performance of the board while running a throughout test shows the CPU and RAM barley being used.

Any other thoughts?

Shawn

Sent from my iPhone

On May 6, 2017, at 9:27 PM, Joel Esler (jesler) <jesler at ...589...<mailto:jesler at ...589...>> wrote:

Simply put, you may not have enough CPU or RAM to do that speed.

--
Sent from my iPhone

On May 6, 2017, at 21:17, Shawn M Venti <sv2 at ...17844...<mailto:sv2 at ...17844...>> wrote:

Hi Everyone,

I am very new to Snort and the community so hopefully this question is going in the correct place. If not could someone direct me in the right direction it would be much appreciated.

Currently I am working on a student security project that Snort++ (3.0.0-a4) is a part of. I’m attempting to run this on a smaller single board PC made my PC Engine. Please see the specs here:

- AMD Embedded G series GX-412TC , 1 GHz quad core
- 4 GB DDR-1333
- 3x i210AT LAN

I have successfully built and installed Snort++ on this system but the trouble I am having is horrible throughput (~20 MBits/sec) on a 100MBits/sec channel. The only modification that I have made to the default configuration is whats needed to run in inline mode.

Any suggestions to get my throughput up?

Thank you,
Shawn
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://Slashdot.org>! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org<http://Slashdot.org>! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net<mailto:Snort-users at lists.sourceforge.net>
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!





More information about the Snort-users mailing list