Re: [Efw-user] Snort CPU load limits download speed

Mon, 30 Mar 2009 14:10:20 -0700

Sorry I can't be more specific. I did a bit of googling and it looks like you want to change the "search-method" param in snort.conf 

Here's a mail I found that outlines the setting in more detail.

http://www.mcabee.org/lists/snort-users/Sep-06/msg00095.html

Hope this helps!

todd
SOFTWARE ENGINEER

todd nine | spidertracks ltd | 36 victoria avenue
po box 5203 | palmerston north 4441 | new zealand
P: +64 6 353 3395 | M: +64 21
E: t...@spidertracks.co.nz W: www.spidertracks.com

On 31/03/2009, at 9:59 AM, Bart Heinsius wrote:
I looked around but have no idea how to modify settings to reduce cpu load. 
any hints?
On Mon, Mar 30, 2009 at 10:30 PM, Todd Nine <t...@spidertracks.co.nz> wrote: 
Hi Bart,
I'm currently only evaluating Endian and pfSense, but Snort generally has a configuration option for memory and CPU usage. You may need to select a different performance method. pfSense has the option in the web interface, but Endian doesn't appear to. You can probably use ssh to modify the settings directly and restart snort. 

todd
SOFTWARE ENGINEER

todd nine | spidertracks ltd | 36 victoria avenue
po box 5203 | palmerston north 4441 | new zealand
P: +64 6 353 3395 | M: +64 21
E: t...@spidertracks.co.nz W: www.spidertracks.com

On 31/03/2009, at 9:19 AM, Bart Heinsius wrote:
> Snort is almost maxing out your processor here. You aren't swapping, but there > is not enough processor time left to go much higher. You said this is a 
> virtual machine. Can you add more processor and see if it improves?
Add more processor? Like assigning 2 processors to Endian? Sounds like a lot for a router. I would think that one of the four cores in my Dell R200 Quad Core X3230, 2.66GHz/2x4M 1066FSB is enough for a 30mbps link. Or are there parameters that prevent the VM from getting the max CPU? 

-Bart

------------------------------------------------------------------------------
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user



------------------------------------------------------------------------------

_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user


------------------------------------------------------------------------------
_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user



------------------------------------------------------------------------------

_______________________________________________
Efw-user mailing list
Efw-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/efw-user

Reply via email to