Snort mailing list archives
Re: Updated IP Blacklisting patch (version 2)
From: Martin Roesch <roesch () sourcefire com>
Date: Thu, 9 Jul 2009 22:19:57 -0400
On Thu, Jul 9, 2009 at 3:03 PM, Eoin Miller<eoin.miller () trojanedbinaries com> wrote:
> Looks like the gotos actually end up using slightly more processing time for some reason? These two processes were started within a second of each other. The iplist with goto's ends up using slightly more time after running for a few hours:
>
> %CPU %MEM TIME+ COMMAND
> 54 3.6 58:09.50 snort -c /etc/snort/snort-goto-yes.conf -l /root/goto-yes/log/ -A fast
> 26 3.6 54:21.04 snort -c /etc/snort/snort-goto-no.conf -l /root/goto-no/log/ -A fast
>
> Performance graphs are pretty similar, there was a bit of a spike in the version that is NOT using the goto's at one point. But overall the non-goto version appears to be more streamlined ever so slightly:
>
> http://trojanedbinaries.com/security/snort/cpu-goto-vs-original.png
> Color Lines = goto version
> Black Lines = without goto's
>
> Not exactly what I was expecting. Also, since we are not using the whitelisting functionality I can't say that there isn't an increase in performance in that aspect, I would expect there to be one.
Great data, thanks for that. What are the specs of the box you're running this on? You're seeing ~450Mbps of sustained traffic on the link?

Marty

--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source IDP - http://www.snort.org