Snort mailing list archives

Re: Snort CPU usage


From: Josh Bitto <jbitto () onlineschool ca>
Date: Tue, 19 Feb 2013 08:22:28 -0800

Ok let me throw a wrench at that....I'll be using Proxmox to create virtual machines, thus virtual NICs.....Will that matter?




From: Mike Miller [mailto:mike () millertwinracing com]
Sent: Monday, February 18, 2013 5:01 PM
To: Josh Bitto
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort CPU usage

I believe they solved the problem by dodging it. Rather than multi-threading Snort, they use PF_RING to get access 
closer to the hardware, and it does so in a way that multiple threads running the same config will get access to separate 
packets (I'm still coming up to speed on it).

There are also PF_RING-aware NICs that greatly improve processing....and I believe Suricata is multi-threaded, but I 
haven't used it yet, myself.






On Feb 18, 2013, at 3:39 PM, Josh Bitto <jbitto () onlineschool ca> wrote:


I'm bumping this back up.....I'm curious to hear. Is Snort still only single-threaded on a CPU, or have newer versions 
allowed it to run on more than one core?

I'm wanting to make sure I have enough machine to run my WAN and about 4 VLANs

Each would have an interface to monitor, but where I'm stuck is the rule sets...

I read online where a great determining calculation is this...
1 CPU = (1000 signatures ) * (500 megabits network traffic)

So my question would be....if each interface has its own rule set aside from the main download of rules, does that 
factor in?



From: Josh Bitto [mailto:jbitto () onlineschool ca]
Sent: Monday, February 18, 2013 8:29 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort CPU usage

Does anyone have a URL or program where I can calculate hardware requirements for running Snort on my network?


Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
