> [EMAIL PROTECTED] wrote: >>> [EMAIL PROTECTED] wrote: >>> >>>> I'm running the current version of nessus on an x86_64 linux system >>>> and >>>> was comparing it to my coworker who runs FreeBSD. We both have the >>>> same >>>> hardware but he can have his system set to 70/30 on the hosts/checks >>>> and >>>> still have an extremely response system and no false positives in the >>>> scan results. If I try to even set anything close to those my system >>>> grinds to a halt and the results are extremely suspect. >>>> >>>> The question I have is what tuning can I do on Linux systems to make >>>> the >>>> performance somewhat similar. I'm guessing that I won't be able to >>>> match >>>> it because of the differences between the OS's network stack and >>>> kernel. >>>> >>> Hello, >>> >>> When you say same hardware, is it the exact same memory, >>> CPU, disk, .etc? >>> >> >> Same model laptop, I have 3GB of memory however he only has 2GB. >> >> >>> Are you running any extra applications on your Linux system >>> such as a network monitor or a network IDS? What about a local >>> firewall logging all connections in/out? >>> >> >> No extra specific applications (monitoring, ids, etc.) we are both >> running >> X but with lightweight window managers, and usually only multiple terms. >> Firewalls are disabled during scanning on both systems. >> >> >>> Also, are you running the same exact scan configurations? You >>> mention 70/30 hosts/checks, but I would be curious if you are >>> also comparing the same scan configurations such as thorough >>> checks. >>> >> >> same nessusrc file for both of us. >> >> >>> Lastly, I would also compare any process loads on the FreeBSD >>> system to the Linux system. >>> >> >> comparable loads, like I mentioned before, only basic X and multiple >> xterms, no other services (mysql, http, etc.) or applications playing >> mp3's etc. >> >> >>> We've been very wary at Tenable to produce any sort of "this >>> OS is faster than this OS" type of guidelines because there >>> are many variables to consider. >>> >> >> Understood. I'm just seeing a night and day difference here and I'm >> wondering if there is something configured wrong on my system or >> something >> obvious that I should set to make it comparable. >> >> We his system runs a scan with the config of 70/30 he can still switch >> between terms, view\edit files and all with no really noticeable delay. >> If I even try that, forget about it, my system is frozen, trying to >> switch >> between terms takes a good 30 seconds or more. >> >> _______________________________________________ >> Nessus mailing list >> [email protected] >> http://mail.nessus.org/mailman/listinfo/nessus >> >> > Sounds like your kernel may not be compiled for responsiveness possibly? > > In Linux, there is a kernel section on Timer Frequency. Setting this > higher may make your system more responsive. Higher settings are more > suitable for desktops to perform responsively, whereas lower settings > are more suitable for servers to just get bulk work done at a time. If > your setting is low, then it's doing more work at a time and therefore > the system is less responsive to your actions since it's focusing on > getting that work done. > > You didn't mention what distro you are using, if you compiled your > kernel yourself or anything, so this is just a guess... worth a try > though if you're stumped though.
I'm running Xubuntu Hoary amd64 with the default kernel, though I have had this issue for awhile on prior versions and other distros and had just accepted it until I saw how my coworkers ran. > Have you tried looking at CPU, Ram usage, Load etc etc... Is your CPU > flat out? RAM usage is nominal, CPU usage is about 50% on both processors. Right now running a scan I've got some responsiveness but it will go away at some point. I'm trying the be_nice line and will see how that works. _______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
