Re: Re: *BSD performance (was:Correct version of libpcap?)

[Christian Ehlen <Christian.Ehlen () gmx de>]

On Wed, 2004-02-04 at 10:13, Martin Olsson wrote:
> Do you have any hints of how to boost the performance? I'm running snort
> on a non-tweaked FreeBSD 4.9 system.
>
> What kind of tweaks can/should I do?

I've reffered to the NSS IDS Group Test Edition 4 (http://nss.co.uk).

"We also prefer BSD over Linux for running Snort, having seen huge
performance improvements in the past by simply moving Snort from Linux
to FreeBSD on the same hardware.  

At this point, we should point out that we have not tested Snort on more
recent Linux releases using ring buffered pcap, and this could make a
significant difference to performance. This is certainly a test we would
like to run for ourselves in the future, but for now, FreeBSD is the OS
of choice for Snort within our organisation - YMMV!"

I think they've the right testing environment and methodology ...

Maybe anyone knows certain performance results in relation to
turbo_packet <> *bsd.

-- 
GnuPG signed + encrypted messages welcome
Key fingerprint = BFBE 3FD4 0C8B AA45 F6B6  6962 2FE7 A299 4675 1715
Public key can be found on keyservers (e.g. wwwkeys.de.pgp.net - 
keyID = 46751715)

Attachment: signature.asc
Description: This is a digitally signed message part