Re: Optimizing Linux Kernel for Snort & Hardware

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Well I'm afraid that is simply not possible because of the different network
environments. It depends very much on your clients and servers. Even on if you
use Apache or IIS. Don't forget that the greatest impact on the Snort
performance is still depending on how many rules you have. And that is great, at
the end.

You will never be able to say that much traffic == that much Snort. You can't
even predict such things with "simple static webservers" properly, can you?
You simply have to test the things and watch for packet drops and then react.

Regards,

Edin




Miguel Rosales wrote:
> Somebody knows the criteria that were due to consider to determine the
> proportions the necessary hardware for different scenes where it is desired
> to use snort. Something that it relates for example the number of hosts in
> my $HOME_NET respect to the memory or necessary processor.
>
> TIA.
>
> // Miguel
>
>
>
>
> |---------+---------------------------------------->
> |         |           Edin Dizdarevic              |
> |         |           <edin.dizdarevic@interActive-|
> |         |           Systems.de>                  |
> |         |           Sent by:                     |
> |         |           snort-users-admin@lists.sourc|
> |         |           eforge.net                   |
> |         |                                        |
> |         |                                        |
> |         |           04-07-2003 15:07             |
> |         |           Please respond to            |
> |         |           edin.dizdarevic              |
> |         |                                        |
> |---------+---------------------------------------->
>   >-----------------------------------------------------------------------------------------------------|
>   |                                                                                                     |
>   |       To:       Sam Evans <sam () neuroflux com>                                                       |
>   |       cc:       snort <snort-users () lists sourceforge net>                                           |
>   |       Subject:  Re: [Snort-users] Optimizing Linux Kernel for Snort                                 |
>   >-----------------------------------------------------------------------------------------------------|
>
>
>
>
>
>
> Sam Evans wrote:
>
> > Greetings All, and Happy Fourth of July to all the US Readers out there.
> > :)
> >
> > I've got a question regarding optimizing a Linux 2.4.18 Kernel to get
> > the best performance for snort.  Does anyone have any tips?
>
>
> Yeah, use OpenBSD ;)
>
> just kidding, but don't forget this
>
> <*> Packet socket
> [*]   Packet socket: mmapped IO
>
> See the postings with topics like "Snort dropping packets..."
>
> and using A LOT of memory is the best thing to do.
>
> Have fun,
>
> Edin
>
>
> > Thanks,
> > Sam
>
>
> --
> Edin Dizdarevic
-- 
Edin Dizdarevic



-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users