performance snort question

[Roeland Weve <roeland () office netland nl>]

I was wondering if someone could give me some advice:

Snort is running on a 700 Mhz processor with 128 mb
The IDS has to handle, on average, with 600000 MB a month.
On peak hours the data traffic incoming is 4 Mbps (work hours)
I am using 500 rules (splitted in alerts and log) and a lot off pass
rules

Snort is using 98.8 % of the processor and 3.6% of the memory (4 MB)
When restarting snort after almost 1 hour:

snort: Snort received 1830489 packets
snort:  and dropped 0(0.000%) packets  
snort: Breakdown by protocol:                Action Stats: 
snort:     TCP: 1740759    (95.098%)         ALERTS: 2          
snort:     UDP: 77353      (4.226%)          LOGGED: 8          
snort:    ICMP: 12307      (0.672%)          PASSED: 2577       
snort:     ARP: 63         (0.003%) 
snort:    IPv6: 0          (0.000%) 
snort:     IPX: 0          (0.000%) 
snort:   OTHER: 0          (0.000%) 
snort: DISCARD: 0          (0.000%) 

After some days the memory is pretty good used, by then snort is using
more then 40% of the memory. Maybe that's because I'am running 1.8 beta
version (build 24). 

I have some questions, because I can't figure out what the performance
of Snort is:
- I have never seen that snort dropped some packets, 
does that mean that snort is running good? 
(and dropped 0(0.000%) packets)
- Because of the memory usage is increasing, 
does this mean that snort has a memory leak?
- Do I need more memory and/or a bigger processor?

Thanks,
        Roeland

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users