Snort mailing list archives

Snort and Barnyard2 performance


From: Ron Haines <rhaines () grantspassoregon gov>
Date: Thu, 8 Aug 2013 22:16:23 +0000

I'm hoping someone has seen this before and can give me some suggestions. I recently installed snort, barnyard2, mysql, 
and base to monitor and log all of my network traffic. This encompasses nearly 500 devices. I used the installation and 
configuration guide from winsnort.com to get me going on a Windows 2008 x64 server. The system works, but Barnyard 
processing seems to be trailing the snort input. After 24 hours of collection, Barnyard2 is about 8 hours behind when 
comparing the timestamp information. I had let it run for 2 weeks, and barnyard2 was up to 8 days behind. I have 
verified that both snort and barnyard2 match my local/system time when I restarted both services, so I know that both 
programs process at the same start time.

Does anyone know if there are any settings in snort or barnyard2 to improve performance?
Is there a performance limitation on barnyard2 or mysql that may be slowing it down?

My system is: Windows Server 2008 x64, 16GB, 2GHz Xeon

Maybe I'm collecting too much, or have too many rules in place? I would like to monitor everything with this setup, if 
I can.

Thanks in advance for your help.

Ron Haines
Computer Support Technician
Information Technology
Email: rhaines () grantspassoregon gov


-----------------------------------------------------------

DISCLOSURE: Messages to and from this E-mail address may be subject to Oregon Public Records Law.
-----------------------------------------------------------
