[Snort-users] Improving overall performance of snort and stopping those drops
I am using snort to collect packets on a gig connection that gets on average 1.3 tB/s.

System:
P4 3 Ghz 333MHZ 4Gig Ram
Linux Kernel 2.4.20
Snort 2.0.2
Rules ~8
Libpcap with shared memory ring buffers (http://public.lanl.gov/cpw/)
Log out: Unified using barnyard for mysql insertion

Without the above libpcap I was dropping between 30% and 40%; however, with it my loss dropped down to between 10% and 20%!

What else can I do to get that extra bit down to 0? The machine should be capable of this, shouldn't it? What is my limiting factor now? Is there a huge advancement in performance in the 2.6.x kernel branch? What about CVS Snort?

I do not want to use BPFs because I do not want to blind my IDS in any way. The Snort setup is internal to our subnet anyways, so all traffic it sees is our traffic.

Any tips or tricks are greatly appreciated!

Thank you,
Scott