RE: Low Snort performances

[todb () planb-security net]

Bob Walder wrote:

> We were using a dual P4 box with a server-class chipset, 2GB RAM and
> Intel NICs. [...] I can say that one of the main differences between our
> test rig and your sensor is that we used FreeBSD for the underlying OS.

I haven't seen many reports of Snort successfully running on *BSD with
SMP. I don't follow the BSDs very closely, but I know SMP support fairly
new (1 year?) in FreeBSD.... Googling... yep. http://www.freebsd.org/smp/
. Well, that makes me happy.

The lack of reliable BSD multiprocessor support has been The Reason I've
been advocating Snort (and other things) on Linux lately. I may have to
change my tune.

While I'm posting, I may as well ask (I've hunted around in the archives,
but I couldn't find a definitive answer): Does anyone have handy some
benchmark results for Snort on various architectures? I'm primarily
interested in hearing about lab/real world experiences with Snort's
maximum network loads, depending on architecture -- both the sensor and
whatever backend processing (acid etc). I can't find much about Snort and
gigabit loads, aside from the fact that Sourcefire sells a gigabit IDS
toaster.

-- 
Tod Beardsley | planb-security.net


-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users