Re: acceptable packet drop rate for snort

[Erek Adams <erek () theadamsfamily net>]

On Thu, 11 Apr 2002 lpj0508 () netscape net wrote:

> has anyone tried to measure how much traffic snort can handle b4 packet
> drops becomes a serious problem?
>
> i noticed in my case abt 1-2% of dropped packets for 10Mbps of traffic and
> 7% of dropped packets for 20Mbps.
>
> is this to be expected or has someone achieved better performance? please
> feedback as i would like to see the performance improve.
>
> fyi, i'm using a dual P3-733 server with 512MB RAM and intel 10/100 nic.
> snort version is 1.8.5 and mysql ver is mysql-max-4.0.1-alpha. OS is
> redhat-7.1 with kernel 2.4.3-12smp (just upgraded to 2.4.9-31smp)

Understand that if you're logging to DB, snort will be limited by that.  You
might want to consider using Barnyard (http://www.snort.org/dl/barnyard/) to
do your logging to DB for you.  BY is designed to do this in a highspeed
manner, and to allow snort not to have to waste time waiting on the DB.

> apologies if this has been posted b4, but i can't find an efficient way to
> search through the archive. 8)

http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2

That should help.  :)  And yes, it has been discussed quite a bit. :-)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users