Snort mailing list archives
Re: Snort Performance
From: Mark.Schutzmann () Omron com
Date: Fri, 26 Mar 2004 08:47:27 -0600
Laura,

I've got a similar scenario of monitoring 9 networks. I'm using an IBM x225 with dual 2GB CPUs, 1.5GB RAM, and 54GB RAID 1E, Intel 1GB Fiber NICs. Snort 2.1.1 on RH9 2.4.20-30.9smp. Below are my stats from Snort this morning after running for about 6 hours. This is a new install with most rules enabled. Hope that helps.

Mar 26 08:47:21 OEI-RHLXSnort snort: ===============================================================================
Mar 26 08:47:21 OEI-RHLXSnort snort: Snort analyzed 233502292 out of 233645312 packets,
Mar 26 08:47:21 OEI-RHLXSnort snort: dropping 143020(0.061%) packets
Mar 26 08:47:21 OEI-RHLXSnort snort: Breakdown by protocol: Action Stats:
Mar 26 08:47:21 OEI-RHLXSnort snort: TCP: 231098202 (98.910%) ALERTS: 16779
Mar 26 08:47:21 OEI-RHLXSnort snort: UDP: 571323 (0.245%) LOGGED: 16814
Mar 26 08:47:21 OEI-RHLXSnort snort: ICMP: 506038 (0.217%) PASSED: 0
Mar 26 08:47:21 OEI-RHLXSnort snort: ARP: 74367 (0.032%)
Mar 26 08:47:21 OEI-RHLXSnort snort: EAPOL: 0 (0.000%)
Mar 26 08:47:21 OEI-RHLXSnort snort: IPv6: 0 (0.000%)
Mar 26 08:47:21 OEI-RHLXSnort snort: IPX: 28 (0.000%)
Mar 26 08:47:21 OEI-RHLXSnort snort: OTHER: 1109115 (0.475%)
Mar 26 08:47:21 OEI-RHLXSnort snort: DISCARD: 0 (0.000%)
Mar 26 08:47:21 OEI-RHLXSnort snort: ===============================================================================

Mark

"Laura" <uy38698 () adinet com uy>
Sent by: snort-users-admin () lists sourceforge net
03/26/2004 10:30 AM
To: <snort-users () lists sourceforge net>
cc:
Subject: [Snort-users] Snort Performance

I'm thinking about placing an NIDS (linux box running red hat 8 with snort v 2.0.2 + acid 0.9.6) on a 2950 sw where not only all the traffic from all the companies goes by but also where the carriers' connections end. Monitoring about 8 interfaces, the amount of traffic that it will see is going to be really big. Does anyone have any experience using snort in a critical point of the network, loading lots of traffic?

I'm interested in information about performance, hardware of the machine used (type of card, amount of memory, processor, etc) and comments, tips or best practices in order to minimize the possible problems of any kind.

TIA
Laura
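The statistics block in the message above is the usual way to judge whether a sensor keeps up with its link. As an added example (not part of the original posts and not Snort's own tooling), this Python sketch parses that syslog output, recomputes the drop rate from the raw counters, and flags a sensor that exceeds a threshold. The 1% default threshold and the function names are assumptions made for illustration.

```python
import re

# Lines copied from the message above (syslog prefix included).
SAMPLE = """\
Mar 26 08:47:21 OEI-RHLXSnort snort: Snort analyzed 233502292 out of 233645312 packets,
Mar 26 08:47:21 OEI-RHLXSnort snort: dropping 143020(0.061%) packets
Mar 26 08:47:21 OEI-RHLXSnort snort: Breakdown by protocol: Action Stats:
Mar 26 08:47:21 OEI-RHLXSnort snort: TCP: 231098202 (98.910%) ALERTS: 16779
Mar 26 08:47:21 OEI-RHLXSnort snort: UDP: 571323 (0.245%) LOGGED: 16814
Mar 26 08:47:21 OEI-RHLXSnort snort: ICMP: 506038 (0.217%) PASSED: 0
Mar 26 08:47:21 OEI-RHLXSnort snort: ARP: 74367 (0.032%)
"""

ANALYZED = re.compile(r"snort: Snort analyzed (\d+) out of (\d+) packets")
DROPPED = re.compile(r"snort: dropping (\d+)\s*\(")
PROTO = re.compile(r"snort: ([A-Za-z0-9]+): (\d+) \(\d+\.\d+%\)")
ACTION = re.compile(r"\b(ALERTS|LOGGED|PASSED): (\d+)")

def parse_snort_stats(text):
    """Extract packet counters, per-protocol counts and action counts."""
    stats = {"protocols": {}, "actions": {}}
    for line in text.splitlines():
        if m := ANALYZED.search(line):
            stats["analyzed"], stats["received"] = int(m[1]), int(m[2])
        elif m := DROPPED.search(line):
            stats["dropped"] = int(m[1])
        else:
            # Protocol and action columns share one output line.
            if m := PROTO.search(line):
                stats["protocols"][m[1]] = int(m[2])
            if m := ACTION.search(line):
                stats["actions"][m[1]] = int(m[2])
    return stats

def drop_report(stats, max_drop_pct=1.0):  # threshold is an assumed policy value
    """Recompute the drop rate instead of trusting the printed percentage."""
    received = stats["received"]
    drop_pct = 100.0 * stats["dropped"] / received if received else 0.0
    return {
        "drop_pct": round(drop_pct, 3),
        # analyzed + dropped should account for every packet received
        "consistent": stats["analyzed"] + stats["dropped"] == received,
        "over_threshold": drop_pct > max_drop_pct,
    }

if __name__ == "__main__":
    print(drop_report(parse_snort_stats(SAMPLE)))
```

A sensor whose recomputed drop rate climbs over time is missing traffic it was meant to inspect, so the result is worth tracking per run rather than checking once.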