Snort mailing list archives

Re: Snort and high-traffic lines


From: jsp1999 () gmx de
Date: Thu, 3 Oct 2002 17:58:19 +0200 (MEST)

Hi all, 
 
  *  Change your disk subsystem to high end SCSI. 
SCA SCSI now. 
 
  *  More RAM 
1GB now. 
 
  *  Faster CPU 
  *  More CPU's if your OS will support them well. 
Dual P3-1000 now. 
 
You might want to have a look at this link[0] as well.  It's a message 
from Marty discussing this very thing. 
 
I had a look at that before, but I didn't think that those things 
applied to me - and as I now have MIPS, RAM, I/O and see snort still 
dropping about 25% at rates >=70Mbps this turns out to be true - 
unfortunately :|. 
 
Are there any other hints for me, to tweak the OS/snort so that I 
can cope with that amount of traffic? Has anybody tried to split up 
snort to sniff the same interface (with the same homenet etc.) but with 
the ruleset split into three parts - would/could that help? 
 
BTW: I also tried the snort-ng patch that was submitted to snort-devel 
some days ago. There seems to be a buffer-overrun or anything like this, 
because snort-ng segfaults regularly. 
 
Regards, 
 
 Jens 
 
 
Hi, 
 
perhaps you have seen it already, a new version of snort-ng is uploaded on 
the snort-ng homepage, which fixes this problem. 
 
It would be nice to have some statistics whether snort-ng is really faster 
than the standard snort in a REAL production environment. You could 
provide something like that in order to get some objective view on 
snort-ng (and not just marketing stuff) 
 
regards, 
Jasper 
