Snort mailing list archives
Poor performance with Snort 2.9.4.6 under OpenBSD 5.3
From: "C. L. Martinez" <carlopmart () gmail com>
Date: Thu, 30 May 2013 12:45:25 +0000
Hi all,

According to the following stats:

May 30 11:46:22 nsm01 snort[30096]: ===============================================================================
May 30 11:46:22 nsm01 snort[30096]: Packet Performance Summary:
May 30 11:46:22 nsm01 snort[30096]: max packet time : 10000 usecs
May 30 11:46:22 nsm01 snort[30096]: packet events : 654
May 30 11:46:22 nsm01 snort[30096]: avg pkt time : 27.1384 usecs
May 30 11:46:22 nsm01 snort[30096]: Rule Performance Summary:
May 30 11:46:22 nsm01 snort[30096]: max rule time : 4096 usecs
May 30 11:46:22 nsm01 snort[30096]: rule events : 20
May 30 11:46:22 nsm01 snort[30096]: avg rule time : 1.046 usecs
May 30 11:46:22 nsm01 snort[30096]: ===============================================================================
May 30 11:46:22 nsm01 snort[30096]: Packet I/O Totals:
May 30 11:46:22 nsm01 snort[30096]: Received: 69971576
May 30 11:46:22 nsm01 snort[30096]: Analyzed: 22427618 ( 32.052%)
May 30 11:46:22 nsm01 snort[30096]: Dropped: 41532168 ( 37.247%)
May 30 11:46:22 nsm01 snort[30096]: Filtered: 0 ( 0.000%)
May 30 11:46:22 nsm01 snort[30096]: Outstanding: 47543958 ( 67.948%)
May 30 11:46:22 nsm01 snort[30096]: Injected: 0
May 30 11:46:22 nsm01 snort[30096]: ===============================================================================
May 30 11:46:22 nsm01 snort[30096]: Breakdown by protocol (includes rebuilt packets):
May 30 11:46:22 nsm01 snort[30096]: Eth: 22436767 (100.000%)
May 30 11:46:22 nsm01 snort[30096]: VLAN: 0 ( 0.000%)
May 30 11:46:22 nsm01 snort[30096]: IP4: 22436767 (100.000%)
May 30 11:46:22 nsm01 snort[30096]: Frag: 12 ( 0.000%)
May 30 11:46:22 nsm01 snort[30096]: ICMP: 110634 ( 0.493%)
May 30 11:46:22 nsm01 snort[30096]: UDP: 752816 ( 3.355%)
May 30 11:46:22 nsm01 snort[30096]: TCP: 19433478 ( 86.614%)

using snort under OpenBSD 5.3 doesn't return good performance. Host is an Intel(R) Xeon(R) CPU E5620 @ 2.40GHz, with 8 GiB RAM and four e1000 interfaces.
In this sensor, I only use so_rules:

# dynamic library rules
# include $SO_RULE_PATH/bad-traffic.rules
# include $SO_RULE_PATH/chat.rules
include $SO_RULE_PATH/dos.rules
include $SO_RULE_PATH/exploit.rules
# include $SO_RULE_PATH/icmp.rules
# include $SO_RULE_PATH/imap.rules
include $SO_RULE_PATH/misc.rules
include $SO_RULE_PATH/multimedia.rules
include $SO_RULE_PATH/netbios.rules
# include $SO_RULE_PATH/nntp.rules
include $SO_RULE_PATH/p2p.rules
include $SO_RULE_PATH/smtp.rules
# include $SO_RULE_PATH/snmp.rules
include $SO_RULE_PATH/specific-threats.rules
include $SO_RULE_PATH/web-activex.rules
include $SO_RULE_PATH/web-client.rules
include $SO_RULE_PATH/web-iis.rules
include $SO_RULE_PATH/web-misc.rules

and the monitored network is a 1GiB network. Any ideas why??
Current thread:
- Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (May 30)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (May 30)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Joel Esler (Jun 05)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Victor Roemer (Jun 05)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (Jun 06)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (Jun 07)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (Jun 12)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Victor Roemer (Jun 12)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (Jun 12)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Joel Esler (Jun 12)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (Jun 13)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 Joel Esler (Jun 05)
- Re: Poor performance with Snort 2.9.4.6 under OpenBSD 5.3 C. L. Martinez (May 30)