Snort mailing list archives
Re: Optimizing Linux Kernel for Snort & Hardware
From: "Miguel Rosales" <MRosales () adexus cl>
Date: Fri, 4 Jul 2003 17:22:48 -0400
I share your impression respect to this subject, but ..... based on the experience (or your experience) of each one of the users something can be considered or not?, it is not necessary to be so specific. |---------+----------------------------------------> | | Edin Dizdarevic | | | <edin.dizdarevic@interActive-| | | Systems.de> | | | | | | 04-07-2003 17:12 | | | Please respond to | | | edin.dizdarevic | | | | |---------+----------------------------------------> >-----------------------------------------------------------------------------------------------------| | | | To: Miguel Rosales <MRosales () adexus cl> | | cc: snort <snort-users () lists sourceforge net> | | Subject: Re: [Snort-users] Optimizing Linux Kernel for Snort & Hardware | >-----------------------------------------------------------------------------------------------------| Well I'm afraid that is simply not possible because of the different network environments. It depends very much on your clients and servers. Even on if you use Apache or IIS. Don't forget that the greatest impact on the Snort performance is still depending on how many rules you have. And that is great, at the end. You will never be able to say that much traffic == that much Snort. You can't even predict such things with "simple static webservers" properly, can you? You simply have to test the things and watch for packet drops and then react. Regards, Edin Miguel Rosales wrote:
Somebody knows the criteria that were due to consider to determine the proportions the necessary hardware for different scenes where it is
desired
to use snort. Something that it relates for example the number of hosts
in
my $HOME_NET respect to the memory or necessary processor. TIA. // Miguel |---------+----------------------------------------> | | Edin Dizdarevic | | | <edin.dizdarevic@interActive-| | | Systems.de> | | | Sent by: | | | snort-users-admin@lists.sourc| | | eforge.net | | | | | | | | | 04-07-2003 15:07 | | | Please respond to | | | edin.dizdarevic | | | | |---------+----------------------------------------> >
-----------------------------------------------------------------------------------------------------|
|
|
| To: Sam Evans <sam () neuroflux com>
|
| cc: snort <snort-users () lists sourceforge net>
|
| Subject: Re: [Snort-users] Optimizing Linux Kernel for Snort
|
>
-----------------------------------------------------------------------------------------------------|
Sam Evans wrote:Greetings All, and Happy Fourth of July to all the US Readers out there. :) I've got a question regarding optimizing a Linux 2.4.18 Kernel to get the best performance for snort. Does anyone have any tips?Yeah, use OpenBSD ;) just kidding, but don't forget this <*> Packet socket [*] Packet socket: mmapped IO See the postings with topics like "Snort dropping packets..." and using A LOT of memory is the best thing to do. Have fun, EdinThanks, Sam-- Edin Dizdarevic
-- Edin Dizdarevic ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100006ave/direct;at.asp_061203_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Optimizing Linux Kernel for Snort & Hardware Miguel Rosales (Jul 04)
- Re: Optimizing Linux Kernel for Snort & Hardware Edin Dizdarevic (Jul 04)
- <Possible follow-ups>
- Re: Optimizing Linux Kernel for Snort & Hardware Miguel Rosales (Jul 04)