Snort mailing list archives
Re: Re: *BSD performance (was:Correct version of libpcap?)
From: Christian Ehlen <Christian.Ehlen () gmx de>
Date: Sat, 07 Feb 2004 18:22:29 +0100
On Wed, 2004-02-04 at 10:13, Martin Olsson wrote:
Do you have any hints of how to boost the performance? I'm running snort on a non-tweaked FreeBSD 4.9 system. What kind of tweaks can/should I do?
I've reffered to the NSS IDS Group Test Edition 4 (http://nss.co.uk). "We also prefer BSD over Linux for running Snort, having seen huge performance improvements in the past by simply moving Snort from Linux to FreeBSD on the same hardware. At this point, we should point out that we have not tested Snort on more recent Linux releases using ring buffered pcap, and this could make a significant difference to performance. This is certainly a test we would like to run for ourselves in the future, but for now, FreeBSD is the OS of choice for Snort within our organisation - YMMV!" I think they've the right testing environment and methodology ... Maybe anyone knows certain performance results in relation to turbo_packet <> *bsd. -- GnuPG signed + encrypted messages welcome Key fingerprint = BFBE 3FD4 0C8B AA45 F6B6 6962 2FE7 A299 4675 1715 Public key can be found on keyservers (e.g. wwwkeys.de.pgp.net - keyID = 46751715)
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- Correct version of libpcap? Sheahan, Paul (Feb 02)
- Re: Correct version of libpcap? Erek Adams (Feb 02)
- Re: Correct version of libpcap? Christian Ehlen (Feb 03)
- Re: *BSD performance (was:Correct version of libpcap?) Martin Olsson (Feb 04)
- Re: Re: *BSD performance (was:Correct version of libpcap?) Christian Ehlen (Feb 07)
- Re: *BSD performance (was:Correct version of libpcap?) Martin Olsson (Feb 04)