Snort mailing list archives
Re: Snort, Barnyard, Mysql
From: João Mota <joao () 3gnt net>
Date: Mon, 17 Oct 2005 11:14:34 +0100
Jason Brvenik wrote:
I've run some tests some months ago with a single processor using nice on the barnyard. The result was an even faster snort sensor. The second question was to move tge unified files to another box (not the database). I think that this is not a good idea becouse it would depend on a network filesystem or a cron file transfer. This would generate traffic and would launch processes that could also choke the CPU. Why not just use barnyard? I haven't compare traffic that would result with a network file system against the barnayrd/sql one, but should'nt be that diferent so why add more complexity to the solution?Raymond Owens wrote:I have several questions relating to the use of Snort, Barnyard and Mysql that hopefully someone can shed some light on. First , I have heard that if Barnyard is run on the same platform that the Snort sensor resides on, there is no performance enhancement because the same box is doing both the sensing and the unified file output parsing. Is this true? If so, what methods are employed to get the unified files to another box?This is not true. Unified output is much faster than other output methods. Running barnyard on the same single processor system might have some cost associated with the sensing instance but if you are running at those speeds you should have a multiprocessor system for the task any way. Moving the database to a different system is also a good idea if you have high performance needs.
Answering your first question... Using barnyard enchances the perfomance, even when it is on the same box and not "niced". But you should try lowering it's priority.
------------------------------------------------------- This SF.Net email is sponsored by: Power Architecture Resource Center: Free content, downloads, discussions, and more. http://solutions.newsforge.com/ibmarch.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort, Barnyard, Mysql Raymond Owens (Oct 15)
- Re: Snort, Barnyard, Mysql Jason Brvenik (Oct 15)
- Re: Snort, Barnyard, Mysql João Mota (Oct 17)
- Re: Snort, Barnyard, Mysql Jason Brvenik (Oct 15)