OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Re: [Snort-users] Snort performance on Solaris 10 x86

From: sekure (sekuregmail.com)
Date: Tue Oct 16 2007 - 10:08:06 CDT


Yep, it definitely used to be that way. I was hoping that with all the
changes in Solaris 10 they might have addressed the issue and in
running the x86 version, i'd be able to take advantage of PCI-X nics.
But i guess it hasn't been tried, and probably for a good reason.

On 10/16/07, Martin Roesch <roeschsourcefire.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I haven't looked at Solaris performance in years but as I recall the
> packet acquisition on the OS was very slow compared to linux and the
> BSD's.
>
> -Marty
>
> On Oct 16, 2007, at 8:45 AM, sekure wrote:
>
> > Bump...
> >
> > Anybody have any opinion? Anyone want to take a guess?
> >
> > ---------- Forwarded message ----------
> > From: sekure <sekuregmail.com>
> > Date: Oct 12, 2007 1:40 PM
> > Subject: Snort performance on Solaris 10 x86
> > To: Snort Users <snort-userslists.sourceforge.net>
> >
> >
> > Has anyone done any benchmarking for snort performance on Solaris 10
> > x86 vs. Linux or BSD?
> >
> > I am currently running snort 2.4.2 on RedHat on 3 year old HP DL360
> > with Phil Wood's mmapped libpcap library, and handling 30-40 Mbps
> > pretty comfortably. In the past I had problems capturing 1/10th of
> > that on Solaris 8 with comparable Sparc hardware, CPU would go through
> > the roof, packets dropped on the floor.
> >
> > The hardware warranty is about to expire and I am going to have to
> > upgrade. The Unix admins at my company are pushing me to migrate to
> > Solaris 10 x86, since it's easier for them to maintain, and personally
> > i don't mind, IF the performance is there. But I can't seem to find
> > anything on this list or anywhere for that matter with regards to
> > Snort performance on Solaris 10.
> >
> > I can certainly undertake the testing myself, but I thought I'd ask
> > the list first. So, anyone running Snort on Solaris 10 at any
> > significant speeds? Any special tweeks to make it work? Or should I
> > just stick with what works?
> >
> > Thanks in advance.
> >
> > ----------------------------------------------------------------------
> > ---
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems? Stop.
> > Now Search log events and configuration files using AJAX and a
> > browser.
> > Download your FREE copy of Splunk now >> http://get.splunk.com/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-userslists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
> - --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
> Sourcefire - Security for the Real World - http://www.sourcefire.com
> Snort: Open Source IDP - http://www.snort.org
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.5 (Darwin)
>
> iD8DBQFHFMvfqj0FAQQ3KOARAj9wAJ9tSwfRCpjI7kgLBC9H79xhUORkGQCfW+fa
> jyLjSuD3dmhMMugp6WA7VhM=
> =Goj8
> -----END PGP SIGNATURE-----
>

-------------------------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc.
Still grepping through log files to find problems? Stop.
Now Search log events and configuration files using AJAX and a browser.
Download your FREE copy of Splunk now >> http://get.splunk.com/
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users