Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Poor performance using snort 2.8.x in inline mode

From: carlopmart <carlopmart () gmail com>
Date: Wed, 21 Jan 2009 11:54:18 +0100
I ma using stick rhel kernel and selinux is disabled.

uname -a
Linux sombragris.hpulabs.org 2.6.18-92.1.22.el5 #1 SMP Fri Dec 5 09:29:46 EST 
2008 i686 i686 i386 GNU/Linux

lspci -v
00:00.0 Host bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX Host bridge 
(rev 01)
         Subsystem: VMware Inc Virtual Machine Chipset
         Flags: bus master, medium devsel, latency 0

00:01.0 PCI bridge: Intel Corporation 440BX/ZX/DX - 82443BX/ZX/DX AGP bridge 
(rev 01) (prog-if 00 [Normal decode])
         Flags: bus master, 66MHz, medium devsel, latency 0
         Bus: primary=00, secondary=01, subordinate=01, sec-latency=64

00:07.0 ISA bridge: Intel Corporation 82371AB/EB/MB PIIX4 ISA (rev 08)
         Subsystem: VMware Inc Virtual Machine Chipset
         Flags: bus master, medium devsel, latency 0

00:07.1 IDE interface: Intel Corporation 82371AB/EB/MB PIIX4 IDE (rev 01) 
(prog-if 8a [Master SecP PriP])
         Subsystem: VMware Inc Virtual Machine Chipset
         Flags: medium devsel
         I/O ports at 1050 [size=16]

00:07.3 Bridge: Intel Corporation 82371AB/EB/MB PIIX4 ACPI (rev 08)
         Subsystem: VMware Inc Virtual Machine Chipset
         Flags: medium devsel, IRQ 9

00:0f.0 VGA compatible controller: VMware Inc Abstract SVGA II Adapter (prog-if 
00 [VGA controller])
         Subsystem: VMware Inc Abstract SVGA II Adapter
         Flags: medium devsel
         I/O ports at 1060 [size=16]
         Memory at f8000000 (32-bit, non-prefetchable) [size=64M]
         Memory at f4000000 (32-bit, non-prefetchable) [size=8M]
         [virtual] Expansion ROM at 30030000 [disabled] [size=32K]

00:10.0 SCSI storage controller: LSI Logic / Symbios Logic 53c1030 PCI-X 
Fusion-MPT Dual Ultra320 SCSI (rev 01)
         Flags: bus master, medium devsel, latency 64, IRQ 169
         I/O ports at 1080 [size=128]
         Memory at f4830000 (32-bit, non-prefetchable) [size=4K]
         [virtual] Expansion ROM at 30038000 [disabled] [size=16K]

00:11.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet 
Controller (Copper) (rev 01)
         Subsystem: VMware Inc Abstract PRO/1000 MT Single Port Adapter
         Flags: bus master, 66MHz, medium devsel, latency 0, IRQ 177
         Memory at f4840000 (64-bit, non-prefetchable) [size=128K]
         Memory at f4800000 (64-bit, non-prefetchable) [size=64K]
         I/O ports at 1400 [size=64]
         [virtual] Expansion ROM at 30000000 [disabled] [size=64K]
         Capabilities: [dc] Power Management version 2
         Capabilities: [e4] PCI-X non-bridge device

00:12.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet 
Controller (Copper) (rev 01)
         Subsystem: VMware Inc Abstract PRO/1000 MT Single Port Adapter
         Flags: bus master, 66MHz, medium devsel, latency 0, IRQ 185
         Memory at f4860000 (64-bit, non-prefetchable) [size=128K]
         Memory at f4810000 (64-bit, non-prefetchable) [size=64K]
         I/O ports at 1440 [size=64]
         [virtual] Expansion ROM at 30010000 [disabled] [size=64K]
         Capabilities: [dc] Power Management version 2
         Capabilities: [e4] PCI-X non-bridge device

00:13.0 Ethernet controller: Intel Corporation 82545EM Gigabit Ethernet 
Controller (Copper) (rev 01)
         Subsystem: VMware Inc Abstract PRO/1000 MT Single Port Adapter
         Flags: bus master, 66MHz, medium devsel, latency 0, IRQ 193
         Memory at f4880000 (64-bit, non-prefetchable) [size=128K]
         Memory at f4820000 (64-bit, non-prefetchable) [size=64K]
         I/O ports at 1480 [size=64]
         [virtual] Expansion ROM at 30020000 [disabled] [size=64K]
         Capabilities: [dc] Power Management version 2
         Capabilities: [e4] PCI-X non-bridge device

lspci -v -n
00:00.0 0600: 8086:7190 (rev 01)
         Subsystem: 15ad:1976
         Flags: bus master, medium devsel, latency 0

00:01.0 0604: 8086:7191 (rev 01)
         Flags: bus master, 66MHz, medium devsel, latency 0
         Bus: primary=00, secondary=01, subordinate=01, sec-latency=64

00:07.0 0601: 8086:7110 (rev 08)
         Subsystem: 15ad:1976
         Flags: bus master, medium devsel, latency 0

00:07.1 0101: 8086:7111 (rev 01) (prog-if 8a)
         Subsystem: 15ad:1976
         Flags: medium devsel
         I/O ports at 1050 [size=16]

00:07.3 0680: 8086:7113 (rev 08)
         Subsystem: 15ad:1976
         Flags: medium devsel, IRQ 9

00:0f.0 0300: 15ad:0405
         Subsystem: 15ad:0405
         Flags: medium devsel
         I/O ports at 1060 [size=16]
         Memory at f8000000 (32-bit, non-prefetchable) [size=64M]
         Memory at f4000000 (32-bit, non-prefetchable) [size=8M]
         [virtual] Expansion ROM at 30030000 [disabled] [size=32K]

00:10.0 0100: 1000:0030 (rev 01)
         Flags: bus master, medium devsel, latency 64, IRQ 169
         I/O ports at 1080 [size=128]
         Memory at f4830000 (32-bit, non-prefetchable) [size=4K]
         [virtual] Expansion ROM at 30038000 [disabled] [size=16K]

00:11.0 0200: 8086:100f (rev 01)
         Subsystem: 15ad:0750
         Flags: bus master, 66MHz, medium devsel, latency 0, IRQ 177
         Memory at f4840000 (64-bit, non-prefetchable) [size=128K]
         Memory at f4800000 (64-bit, non-prefetchable) [size=64K]
         I/O ports at 1400 [size=64]
         [virtual] Expansion ROM at 30000000 [disabled] [size=64K]
         Capabilities: [dc] Power Management version 2
         Capabilities: [e4] PCI-X non-bridge device

00:12.0 0200: 8086:100f (rev 01)
         Subsystem: 15ad:0750
         Flags: bus master, 66MHz, medium devsel, latency 0, IRQ 185
         Memory at f4860000 (64-bit, non-prefetchable) [size=128K]
         Memory at f4810000 (64-bit, non-prefetchable) [size=64K]
         I/O ports at 1440 [size=64]
         [virtual] Expansion ROM at 30010000 [disabled] [size=64K]
         Capabilities: [dc] Power Management version 2
         Capabilities: [e4] PCI-X non-bridge device

00:13.0 0200: 8086:100f (rev 01)
         Subsystem: 15ad:0750
         Flags: bus master, 66MHz, medium devsel, latency 0, IRQ 193
         Memory at f4880000 (64-bit, non-prefetchable) [size=128K]
         Memory at f4820000 (64-bit, non-prefetchable) [size=64K]
         I/O ports at 1480 [size=64]
         [virtual] Expansion ROM at 30020000 [disabled] [size=64K]
         Capabilities: [dc] Power Management version 2
         Capabilities: [e4] PCI-X non-bridge device



Jim McCullough wrote:

Can you provide the following information for a bit better of an idea of 
finding the bottleneck?  Also is this a stock RHEL kernel build and is 
selinux enable?

lspci -v
lspci -v -n

uname -a

On Wed, Jan 21, 2009 at 3:50 AM, carlopmart <carlopmart () gmail com 
<mailto:carlopmart () gmail com>> wrote:

    I think that the problem is with network. CPU is idle at 95%. Memory
    is using at
    50% and I use e1000 nics on this host.

    Putting snort without inline mode (but using the same rules)
    throughput is very
    very acceptable (11 MB/s). I am testing it copying a 100MB file over
    snort
    bridge ....





-- 
CL Martinez
carlopmart {at} gmail {d0t} com

------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: