Snort mailing list archives
RE: Snort performance concerns
From: Richard Bejtlich <taosecurity () gmail com>
Date: Fri, 30 Sep 2005 11:37:26 -0400
Larry,

I heartily endorse suggestions by Jeff and Joel to use Barnyard. It is a tragedy that so many configuration guides and books neglect this important aspect of running Snort with database support.

If you have the option to test your configuration on FreeBSD or NetBSD, you might want to gather per-process packet loss metrics using bpfstat. I tested it on FreeBSD 6.0 recently. [0]

I don't know of an equivalent way to collect the same sorts of data (in similar formats) on Linux. If anyone does, a reply here would be helpful.

Sincerely,

Richard

[0] http://taosecurity.blogspot.com/2005/09/notes-on-network-security-monitoring.html
Current thread:
- Snort performance concerns Larry Wichman (Sep 30)
- Re: Snort performance concerns Joel Esler (Sep 30)
- Re: Snort performance concerns Larry Wichman (Sep 30)
- RE: Snort performance concerns Jeff Dell (Sep 30)
- Re: Snort performance concerns Joel Esler (Sep 30)
- Re: Snort performance concerns Larry Wichman (Sep 30)
- Re: Snort performance concerns sekure (Sep 30)
- RE: Snort performance concerns Jeff Dell (Sep 30)
- <Possible follow-ups>
- RE: Snort performance concerns Joshua Berry (Sep 30)
- RE: Snort performance concerns Richard Bejtlich (Sep 30)
- Re: Snort performance concerns Joel Esler (Sep 30)
