Linux Today: Linux News On Internet Time.
Search Linux Today
Linux News Sections:  Developer -  High Performance -  Infrastructure -  IT Management -  Security -  Storage -
Linux Today Navigation
LT Home
Contribute
Contribute
Link to Us
Linux Jobs


Top White Papers

More on LinuxToday


Use Profiling to Improve Snort Performance

Oct 06, 2011, 09:00 (0 Talkback[s])

[ Thanks to Lee Schlesinger for this link. ]

Snort is generally used to monitor and analyze incoming network traffic, to detect potential probes and attacks of various sorts. Whilst the main powerhouse of Snort is the detection engine, not all attacks can be identified here, so it also has an array of preprocessors that either look at packets themselves or modify traffic before passing it to the detection engine.

Obviously, this kind of analysis takes some system resources, and Snort can cause delays in your network traffic if it is not performing well. Inevitably, tuning Snort forces you to balance between the risk of intrusion and maintaining a smoothly functioning network, but by monitoring performance and tuning it carefully to your own systems and requirements, you can do your best to maximize both.

Complete Story

Related Stories: