Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: What speed?

From: "Mayers, Philip J" <p.mayers () ic ac uk>
Date: Fri, 20 Jul 2001 13:10:13 +0100
It's a RedHat 7.1 box.

I expect the SQL is what's killing you - we're rotating the logs hourly, and
post-processing them into SQL - that's why we're running dual CPUs, since
the load will happen on the other one.

We were formerly on a PIII800 single with an Intel Pro100, and that we
keeping up with 30Mbit without problems (also binary logging).

Regards, 
Phil 

+----------------------------------+ 
| Phil Mayers, Network Support     | 
| Centre for Computing Services    | 
| Imperial College                 | 
+----------------------------------+ 


-----Original Message-----
From: Ben Hughes [mailto:snort-users () work mumble org uk]
Sent: 20 July 2001 11:43
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] What speed?


On Thu, Jul 19, 2001 at 06:48:15PM +0100, Mayers, Philip J wrote:


Well, it's not a windows box...


can i leap in and ask what OS you're running?
 

We've got a dual PIII 1GHz with a ServerWorks 64bit/66MHz Gigabit NIC and
265Mb ram - that does about 10% CPU per 30Mbit, with stream4, defrag and
full Whitehats ruleset (binary logging) - it scales pretty linearly, so we
should be able to go to 300Mbit in theory, although I suspect it will
actually go higher, since there'a a base overhead from just running the
system.


hmm, all rather odd, ive got a P3 733 128meg, intel fxp0 compaq (spit!)
which cant keep up with half used 100base logging to mysql (over another
network card) so im trying to see what i can do to speed it up..

it's build 46 (running well it seems) with defrag and stream4 and 255
rules in it..

am i hoping for too much, or should i throw some (more) hardware at it?

-- 
Ben Hughes, <ben.hughes [at] uk.easynet.net>

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: