Snort mailing list archives

Re: Snort Performance

From: "Rodrigo B. Ramos" <rodrigo.ramos () triforsec com br>
Date: Fri, 26 Mar 2004 18:21:57 -0300

Hi,

The Performance Monitor preprocessor can help you a lot.
Let me know if you have any problems?


Best regards,
Rodrigo Ramos
http://www.triforsec.com.br
http://www.defenselayer.com
http://www.nabucodonosor.com



On Fri, 2004-03-26 at 10:30, Laura wrote:

I'm thinking about placing an NIDS (linux box running red hat 8 with
snort v 2.0.2 + acid 0.9.6) on a 2950 sw where not only all the
traffic from all the companies goes by but also where the carriers
connections ends.
 
Monitoring about 8 interfaces, the amount of traffic that it will see
is going to be really big. 
 
Does anyone have any experience using snort in a critical point of the
network, loading lots of traffic. I'm interested in information about
performance, hardware of the machine used (type of card, amount of
memory, processor, etc) and comments tips or best practices in order
to minimize the possible problems of any kind.
 
TIA
 
Laura

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Snort Performance mik sib (Jan 09)
- <Possible follow-ups>
- Snort performance SN ORT (Feb 02)
  - RE: Snort performance Michael Steele (Feb 02)
- Snort Performance Laura (Mar 26)
  - RE: Snort Performance Jim Hendrick (Mar 26)
  - Re: Snort Performance Rodrigo B. Ramos (Mar 26)
- Re: Snort Performance Mark . Schutzmann (Mar 26)
  - RE: Snort Performance Laura (Mar 26)