Snort mailing list archives

Re: Snort performance concerns


From: nwr <nwr () wvi com>
Date: Fri, 30 Sep 2005 18:14:32 -0700

Larry-

I have some Sourcefire NS3020F chassis- dual Pentium 2.4 GHz, 2 gig of RAM and an Intel Pro 1000base SFP fiber Gig uplink- I think Sourcefire sold these with software for $30,000 each-



I am selling these for $1495 each with a 30 day warranty

Let me know if you can use them- I have 4 in stock-


Chris Blackburn
NWR Inc
360 Belmont St. NE
Salem OR 97301
(503) 391-8191 Ext 1#
(503) 375-8470 FAX
nwr () wvi com
IM= Chris NWR
www.internet-gear.com

We are always buying Cisco (12000, Cerent 15454), Alteon, Extreme Networks, IXIA, Foundry, Dialogic, Clarent, Excel-Lucent, Lucent DACS, Eastern Research, Juniper, Unisphere, Redback, Nuera, Natural Microsystem, Smartbits, Adtech, Spirent, CAC, Cosine, Sonus, Alcatel Omnicore, HP Procurve, Datakinetics, NACT, Nortel Passport 15000, Quintum Gateways, Western Multiplex, Digital Lightwave, 3com, Netscreen



http://osec.neohapsis.com/results/nids/sourcefire-ns3020f-2.6-06.25.2003/





Larry Wichman wrote:

I enabled Performance Monitor on my sensors and I have some concerns after looking at some of the performance stats. First, I have three sensors, two of which average 96mb/sec of traffic and the dropped packets percentage average is about 10% (proc and memory utilization are high, as expected). I have a third sensor that sees an average of about 5mb/sec and has the same amount of dropped packets, memory and proc utilization are minimal. I have implemented all the suggested optimizations (I think), patched Libpcap, etc…. I can understand that there would be some dropped packets when the traffic is at a high, continuous load, but the third sensor with the same amount of dropped packets with only a fraction of the traffic concerns me. I am thinking about upgrading the hardware (faster proc, bus speeds, etc…), but I might be wasting money if the stats are the same. Does anyone have any input as to what is causing the dropped packets?

Also, my boss told me to start evaluating commercial products. My first choice would be Sourcefire, I really do like working with Snort, but I need whatever product I choose to be able to handle the amount of traffic that we have. I would greatly appreciate any input on this. Cheers.

Larry



