Linux Today: Linux News On Internet Time.

Use Profiling to Improve Snort Performance

Oct 06, 2011, 09:00 (0 Talkback[s])

[ Thanks to Lee Schlesinger for this link. ]

Snort is generally used to monitor and analyze incoming network traffic, to detect potential probes and attacks of various sorts. Whilst the main powerhouse of Snort is the detection engine, not all attacks can be identified here, so it also has an array of preprocessors that either look at packets themselves or modify traffic before passing it to the detection engine.

Obviously, this kind of analysis takes some system resources, and Snort can cause delays in your network traffic if it is not performing well. Inevitably, tuning Snort forces you to balance between the risk of intrusion and maintaining a smoothly functioning network, but by monitoring performance and tuning it carefully to your own systems and requirements, you can do your best to maximize both.

Complete Story

Related Stories: