NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Snort IDS> 2009-07

Re: [Snort-users] Updated IP Blacklisting patch (version 2)

From: Eoin Miller (eoin.millertrojanedbinaries.com)
Date: Thu Jul 09 2009 - 14:03:40 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Martin Roesch wrote:
> On Thu, Jul 9, 2009 at 9:34 AM, Eoin
> Miller<eoin.millertrojanedbinaries.com> wrote:
>
> Good point, I'll make the change.
>
> Any stats on CPU usage? Did the gotos or different arrangement result
> in any savings?
>
>
> Marty
>
>
>
Looks like the gotos actually end up using slightly more processing time
for some reason? These two processes were started within a second of
each other. The iplist with goto's ends up using slightly more time
after running for a few hours:

%CPU %MEM TIME+
COMMAND

  54 3.6 58:09.50 snort -c /etc/snort/snort-goto-yes.conf -l
/root/goto-yes/log/ -A fast
  26 3.6 54:21.04 snort -c /etc/snort/snort-goto-no.conf -l
/root/goto-no/log/ -A fast

Performance graphs are pretty similiar, there was a bit of a spike in
the version that is NOT using the goto's at one point. But overall the
non-goto version appears to be more streamlined ever so slightly:

http://trojanedbinaries.com/security/snort/cpu-goto-vs-original.png

Color Lines = goto version
Black Lines = without goto's

Not exactly what I was expecting. Also, since we are not using the
whitelisting functionality I can't say that there isn't an increase in
performance in that aspect, I would expect there to be one.

--
Eoin Miller

------------------------------------------------------------------------------
Enter the BlackBerry Developer Challenge
This is your chance to win up to $100,000 in prizes! For a limited time,
vendors submitting new applications to BlackBerry App World(TM) will have
the opportunity to enter the BlackBerry Developer Challenge. See full prize
details at: http://p.sf.net/sfu/Challenge
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]