Snort mailing list archives
Snort and Barnyard2 performance
From: Ron Haines <rhaines () grantspassoregon gov>
Date: Thu, 8 Aug 2013 22:16:23 +0000
I'm hoping someone has seen this before and can give me some suggestions.

I recently installed snort, barnyard2, mysql, and base to monitor and log all of my network traffic. This encompasses nearly 500 devices. I used the installation and configuration guide from winsnort.com to get me going on a Windows 2008 x64 server.

The system works, but Barnyard processing seems to be trailing the snort input. After 24 hours of collection, Barnyard2 is about 8 hours behind when comparing the timestamp information. I had let it run for 2 weeks, and barnyard2 was up to 8 days behind. I have verified that both snort and barnyard2 match my local/system time when I restarted both services, so I know that both programs process at the same start time.

Does anyone know if there are any settings in snort or barnyard2 to improve performance? Is there a performance limitation on barnyard2 or mysql that may be slowing it down?

My system is: Windows Server 2008 x64, 16GB, 2GHz Xeon

Maybe I'm collecting too much, or have too many rules in place? I would like to monitor everything with this setup, if I can.

Thanks in advance for your help.

Ron Haines
Computer Support Technician
Information Technology
Email: rhaines () grantspassoregon gov

DISCLOSURE: Messages to and from this E-mail address may be subject to Oregon Public Records Law.