packet dropping question

[Mike Shaw <mshaw () wwisp com>]

I've been experiencing packet loss, and although I'm pushing the envelope 
with the topology (I won't go into that yet), I'm a little curious as to 
the symptoms.

When I exclude all of my rules except two and run the process overnight, 
snort reports very minimal packet loss.  When I start increasing the number 
of rules, the packet loss gradually increases (seemingly in proportion, but 
it's hard to tell).

I was originally running on a PII 233, but upgraded to a PIII 500 to see if 
it was just a horsepower issue.  It helped a little bit, but not much.

Is the packet loss snort is reporting from the kernel, or is it from 
snort?  If it is from snort, is the solution just a bigger processor? I 
also disabled mysql logging while performing this test to see if barnyard 
might be the solution but there was no real impact.

Thanks for any input
-Mike


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users