EFW Support

Support => General Support => Topic started by: mvrk on Monday 18 April 2011, 09:17:06 pm



Title: snort - performance
Post by: mvrk on Monday 18 April 2011, 09:17:06 pm
Hi,

I've got an internet line with 120Mbs.

If I activate snort, even with just 1 or 2 rules, my speed decreases to 20Mbs ... 30 Mbs.

Does anyone have this kind of problem?


Title: Re: snort - performance
Post by: cdx304 on Saturday 07 May 2011, 04:05:52 am
What is your CPU speed in that Endian box, and how much RAM?


Title: Re: snort - performance
Post by: mvrk on Saturday 07 May 2011, 04:13:32 pm
It's a virtual machine with 2G RAM, 2 vCPUs, VMware ESXi 4.1 U1; the physical machine has an Intel Xeon 3040 @ 1.86GHz


Title: Re: snort - performance
Post by: vector on Wednesday 15 June 2011, 09:15:13 am
It's a virtual machine with 2G RAM, 2 vCPUs, VMware ESXi 4.1 U1; the physical machine has an Intel Xeon 3040 @ 1.86GHz

I did try a lot of virtualized firewalls, mostly on Hyper-V. It seems that the basic problem is the poor implementation of Snort and most logging. On very powerful hardware, I ran into a problem at about 80 megabit permeability. According to the documentation you need to change the system logs and other things, "./snort -d -c snort.conf -l ./log -h 192.168.1.0/24 -r snort.log" or something like that :D At the moment I did not have time to deal with . Another bad implementation of a "top" :(. virtualization and come across the same problem around 21 megabit. It does not matter if you use PAE and SNMP, how many cores you have, or whether you are using HT. The problem is the utilization of a single-core process that cannot be divided. The implementation of Snort in EFW is absolutely desperate. There is no possibility of setting anything via the GUI, and it is very difficult otherwise. Compared with the Snort implementation in pfSense, there is a huge difference. The thing to determine the Home Network. Direction control, exceptions, time blocking, etc. Otherwise EFW is a great firewall. Such things are needlessly destroying it. At least the opportunity to bind to a specific interface, if it was.