Topic: snort - performance
mvrk
« on: Monday 18 April 2011, 09:17:06 pm »

Hi,

I've got an internet line with 120Mbs.

If I activate snort, even with just 1 or 2 rules, my speed decreases to 20Mbs ... 30 Mbs.

Does anyone have this kind of problem?
cdx304
« Reply #1 on: Saturday 07 May 2011, 04:05:52 am »

What is your CPU speed in that Endian box, and how much RAM?
mvrk
« Reply #2 on: Saturday 07 May 2011, 04:13:32 pm »

It's a virtual machine with 2G RAM, 2 vCPUs, VMware ESXi 4.1 U1; the physical machine has an Intel Xeon 3040 @ 1.86GHz
vector
« Reply #3 on: Wednesday 15 June 2011, 09:15:13 am »

It's a virtual machine with 2G RAM, 2 vCPUs, VMware ESXi 4.1 U1; the physical machine has an Intel Xeon 3040 @ 1.86GHz

I did try a lot of virtualized firewalls, mostly on Hyper-V. It seems that the basic problem is the poor implementation of Snort and of most logging. On very powerful hardware, I ran into a problem at about 80 megabit throughput. According to the documentation you need to change the system logs and other things: "./snort -d -c snort.conf -l ./log -h 192.168.1.0/24 -r snort.log" or something like that :D At the moment I did not have time to deal with it. Another bad implementation of a "top" :( virtualization and come across the same problem around 21 megabit. It does not matter if you use PAE and SNMP, how many cores you have, or whether you are using HT. The problem is the utilization of a single core by a process that cannot be divided. The Snort implementation in EFW is absolutely desperate. There is no possibility of setting anything via the GUI, and it is very difficult otherwise. Snort compared with an implementation such as pfSense is a huge difference. The thing to determine the Home Network, direction control, exceptions, time blocking, etc. Otherwise it is a great EFW firewall. Such things are needlessly destroying it. If only there was at least the opportunity to bind to a specific interface.
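
Added example, not part of the thread and not Endian's code: one way to test the claim in Reply #3 that throughput is capped by a single saturated core is to compare two `/proc/stat` snapshots taken a few seconds apart while traffic flows with Snort enabled. The snapshot values and the 90%/50% thresholds below are constructed assumptions.

```python
# Constructed /proc/stat snapshots for a 2-vCPU guest (sample data, not from the thread).
# Columns: user nice system idle iowait irq softirq steal guest guest_nice
SNAP_T0 = """\
cpu  1000 0 500 8500 0 0 0 0 0 0
cpu0 900 0 400 3700 0 0 0 0 0 0
cpu1 100 0 100 4800 0 0 0 0 0 0
"""
SNAP_T1 = """\
cpu  1650 0 730 9450 0 0 170 0 0 0
cpu0 1500 0 600 3730 0 0 170 0 0 0
cpu1 150 0 130 5720 0 0 0 0 0 0
"""

def parse_proc_stat(text):
    """Return {cpuN: (busy_jiffies, total_jiffies)}, skipping the aggregate 'cpu' line."""
    cores = {}
    for line in text.splitlines():
        fields = line.split()
        if not fields or not fields[0].startswith("cpu") or fields[0] == "cpu":
            continue
        values = [int(v) for v in fields[1:9]]   # user..steal; guest is already inside user
        idle = values[3] + values[4]             # idle + iowait both count as not busy
        total = sum(values)
        cores[fields[0]] = (total - idle, total)
    return cores

def core_utilisation(before, after):
    """Per-core busy percentage over the interval between two snapshots."""
    a, b = parse_proc_stat(before), parse_proc_stat(after)
    util = {}
    for name in sorted(a.keys() & b.keys()):
        d_busy = b[name][0] - a[name][0]
        d_total = b[name][1] - a[name][1]
        util[name] = 100.0 * d_busy / d_total if d_total > 0 else 0.0
    return util

def single_core_bound(util, hot=90.0, cool=50.0):
    """True when exactly one core is saturated and every other core is mostly idle.
    The hot/cool thresholds are assumptions chosen for this example."""
    hot_cores = [n for n, u in util.items() if u >= hot]
    others = [u for n, u in util.items() if n not in hot_cores]
    return len(hot_cores) == 1 and bool(others) and all(u <= cool for u in others)

if __name__ == "__main__":
    util = core_utilisation(SNAP_T0, SNAP_T1)
    for name, pct in util.items():
        print(f"{name}: {pct:.1f}% busy")
    print("single-core bound:", single_core_bound(util))
```

If this pattern appears only while Snort is enabled, adding vCPUs will not raise throughput; the inspection work would have to be reduced or moved to a faster core.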