Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Performance questions

From: Erek Adams <erek () theadamsfamily net>
Date: Fri, 18 Jan 2002 13:53:31 -0800 (PST)
On Fri, 18 Jan 2002, Lucas de Carvalho Ferreira - BMS wrote:


I am trying to monitor a high traffic 100Mbs switch port with snort on a 433
MHz Celeron machine running Red Hat 7.2 but snort is dropping about 10% of
the packets, even if the CPU load is at an average of 70% (seen with top).
Is there any configuration tips for snort or for the Linux kernel to get
better performance? Could it be an I/O performance problem?


Ummm...  Lucas, that's a bit of a small box for that kind of load.  Have a
look at this snipped email from Marty to the snort-users list from earlier
last year.

http://www.theadamsfamily.net/~erek/snort/perf.txt

If you want to see the whole email, it's archived at:
http://marc.theaimsgroup.com/?l=snort-users&m=100208652925991&w=2

For Linux specific tips, do some archive searching.  I don't run Linux so I've
not any useful info on it.  Check the archives for posts from Abe Getchell,
Phil Wood, and John Sage.  Off the top of my head, those guys leap to mind as
Linux-type folks.  :)

Good luck!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: