Glad to have you here Marty. I'm running RHWS 3 on the sensors and I'm pretty
sure my hardware should deliver the performance I expected - 3.2GHz Xeon with
1Gig RAM. I have tuned stream4 preprocessor to 128MB and frag2 to use 64MB,
although I have not seen any memory faults yet. I would try to take Barry's
advise and upgrade my libpcap to 3.8.3 (I'm currently on 3.7.2) and hope to get
a performance boost. Any further advise or suggestions are appreciated!
ps. I'm still at the implementation stage and that's why I'm running the
verbose mode. I'll take it out once it go to production.
Hugo
Martin Roesch <roesch@sourcefire.com> wrote:
Hi Hugo,
Try getting rid of the -v option when you're running Snort, that may be
draining some performance and since you're in daemon mode. What's the
platform/specs of the box you're running Snort on?
-Marty
On Jan 26, 2005, at 12:32 PM, Hugo wrote:
I have realized that Snort has been dropping packets even I'm running
it inconjuction with Barnyard. Does anybody know what causes Snort to
drop packets? I'm running Barnyard with these options:
barnyard -c -d -g -f -s -n -w -a
and Snort with the following:
snort -c -i -g -Dv
I'm recording about 1%-2% of packets being dropped by Snort...
sometimes as high as 6%. Many thanks!
Hugo
__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at
http://isp.netscape.com/register
Netscape. Just the Net You Need.
New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Discover. Determine. Defend.
roesch@sourcefire.com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
__________________________________________________________________
Switch to Netscape Internet Service.
As low as $9.95 a month -- Sign up today at http://isp.netscape.com/register
Netscape. Just the Net You Need.
New! Netscape Toolbar for Internet Explorer
Search from anywhere on the Web and block those annoying pop-ups.
Download now at http://channels.netscape.com/ns/search/install.jsp
-------------------------------------------------------
This SF.Net email is sponsored by: IntelliVIEW -- Interactive Reporting
Tool for open source databases. Create drag-&-drop reports. Save time
by over 75%! Publish reports on the web. Export to DOC, XLS, RTF, etc.
Download a FREE copy at http://www.intelliview.com/go/osdn_nl
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
