Performance again

[Edin Dizdarevic <edin.dizdarevic () interActive-Systems de>]

Hi all,

I would like you to take a look on this:

http://www.truesec.de/Perfmon.html

It is the output of the performance monitor. I'm trying to find out,
which network parameters have the greatest influence on Snort's
performance:

1. Many open sessions
2. Big packets
3. System load
4. Internals
5. Alert Count
6. ...

and so on.

Therefore I took out some lines from my perfmon.log and tried to
compare different situations, in which Snort were loosing packets.

My first conclusion is, that the bigger the packets are, the more
packets are being dropped, while the open sessions count has almost
no influence. Interessting, that Snort will handle more than 700
sessions simultaneously with no packet loss :) (I only included
the lines where packet drops occured).

I would like any comments on this, and if available, results from the
performance monitor.

The results are from Snort 2.0.5 but I'll do the same with Snort 2.1.0
soon. That may be more interessting. ;)

The machine is Linux 2.4.22, PW pcap, PIII 1GHz, 512MB RAM, WD HD UDMA5.

Regards,
Edin

--
Edin Dizdarevic



-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users