Snort mailing list archives
Re: Snort Optimizations
From: Y M <snort () outlook com>
Date: Fri, 13 Nov 2015 11:50:09 +0000
Comments inline. ________________________________________ From: Turnbough, Bradley E. <bturnbough () belcan com> Sent: Thursday, November 12, 2015 4:41 PM To: snort-users () lists sourceforge net Subject: [Snort-users] Snort Optimizations Hi All, Does snort have the ability to use the latest / greatest GPU technology to help offload some of the traffic detection?
Not that I am aware of.
Other than being specifically compiled for PF_RING, are there any requirements of PF_RING? I.e. special hardware?
Other than PF_RING prerequisites and runtime options, I am not aware of specific requirements. Intel cards with PF_RING drivers can do a decent job. Most specialized hardware like network drivers usually come with their own sniffing drivers and libpcap/DAQ libraries. Other options than PF_RING are netmap which is baked into DAQ/Snort, and there is also Packet-Bricks which is still relatively experimental but seems promising. Your OS of choice also can add constraints. For example, PF_RING is not supported on *BSD systems.
Lastly, does snort need any additional flags during run time to be told to use any special CPU extensions? For example: open vpn can utilize the AESNI extension to speed up traffic encryption / decryption, but only if told specifically told to during run time. Otherwise it doesnt use the AESNI extension.
Not aware (again) of such support but combined with PF_RING, you can set CPU Affinity/Pinning per Snort process to support load balanced packets/streams. In general, maintain a balance between fast CPUs and number of cores per CPU. Other optimizations include network driver optimizations, OS-level optimizations, and the greatest optimization of all is rules tuning.
Hope this helps. _____________________________________________________________ This e-mail transmission contains information that is confidential and may be privileged. It is intended only for the addressee(s) named above. If you receive this e-mail in error, please do not read, copy or disseminate it in any manner. If you are not the intended recipient, any disclosure, copying, distribution or use of the contents of this information is prohibited. Please reply to the message immediately by informing the sender that the message was misdirected. After replying, please erase it from your computer system. Your assistance in correcting this error is appreciated. ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort Optimizations Turnbough, Bradley E. (Nov 12)
- Re: Snort Optimizations Y M (Nov 13)