Snort mailing list archives

Re: CPU and RAM planning tool


From: Joel Esler <jesler () sourcefire com>
Date: Sun, 10 Mar 2013 09:52:28 -0400

On Mar 9, 2013, at 11:36 PM, "Sallee, Stephen (Jake)" <Jake.Sallee () umhb edu> wrote:

Does a tool exist that one can use to size the CPU and RAM requirements for a given usage scenario?

I understand that the amount of both CPU and RAM is very dependent on a few factors such as:

Number of rules to execute
The complexity of the rules used
Link utilization
Processor speed
... and several others

But it seems that given a few inputs one could make a fairly accurate assessment of the necessary hardware if only a 
few variables were known.

For example:  What kind of server would I need to inspect 100Mb/sec of traffic using a minimal rule set? What about 
the HW I would need to do the same with the default rule set? (I know, tuning your Snort server is VERY important.)

If one could measure how many CPU cycles it takes to run a single packet through the minimal or default rule set, then 
the rest of this calculation becomes simple insofar as the CPU is concerned.

Memory is so cheap these days that you can just throw memory at the problem until the problem goes away, unless 
you are virtualizing, then memory/CPU allocation is the name of the game.

If no tool is available I would be interested in developing one if the community thinks it is a useful endeavor.

I am new to Snort, and a tool like this would be VERY helpful to me as a newcomer.  What do you guys think?

As far as I know, no tool exists like that, and yes, it would be very useful, and it wouldn't be hard and fast; it 
would be a very loose estimate.

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire