Snort mailing list archives

performance related question


From: "Zach Forsyth" <zach.forsyth () kiandra com>
Date: Tue, 13 Aug 2002 13:20:21 +1000

Hi there,
 
Just wanted to ask what hardware most people are running on?
I have a Celeron 400, win2k, latest stable snort, ACID, mysql, etc. and
seem to be dropping a lot of traffic. 
The snort box is connected to a 10mb hub and captures all traffic
flowing past.
These are the statistics I get if I run snort under a command prompt and
then ctrl-C it:
 
Snort analyzed 117056 out of 209072 packets, The kernel dropped
88722(42.436%) packets.
 
Does this mean I am dropping 42% of all packets? Or are these the
packets that are meeting the rules and being processed by snort?
 
Also I wanted to ask whether people are using alert or log mode?
I seem to have a lot more alerts captured into ACID with alert mode. 
 
I am about to change over to RH 7.3 but will have similar hardware. Is a
Celeron 400 capable of running on a fairly saturated 10mb link?
 
thanks in advance
 
Zach

