Linux-News Linux news from the Blogosphere

Use Profiling to Improve Snort Performance

By News – October 7, 2011
Posted in: Article, Howto, Submitted

Snort, the open source intrusion detection and prevention system (IDS/IPS), can be a fabulous tool to protect your network from attack – if it’s set up correctly. If it’s not, it can cause network traffic and performance problems. Here’s a rundown of how to use Snort’s built-in profiling tools to tune your setup and improve Snort’s performance.

Snort is generally used to monitor and analyze incoming network traffic, to detect potential probes and attacks of various sorts. Whilst the main powerhouse of Snort is the detection engine, not all attacks can be identified here, so it also has an array of preprocessors that either look at packets themselves or modify traffic before passing it to the detection engine. Obviously, this kind of analysis takes some system resources, and Snort can cause delays in your network traffic if it is not performing well. Inevitably, tuning Snort forces you to balance between the risk of intrusion and maintaining a smoothly functioning network, but by monitoring performance and tuning it carefully to your own systems and requirements, you can do your best to maximize both.

Snort provides its own performance monitoring tool, perfmon, as a preprocessor, with a long list of options. You can start using perfmon by adding a line to snort.conf:

preprocessor perfmonitor: time 300 flow events file snortfile perfstats.log

flow shows statistics about the type of traffic and protocols that Snort is seeing; events shows statistics about how many rules were evaluated and matched, and how many were evaluated and did not match. The file and snortfile options say to log raw data to the file perfstats.log in the Snort log directory; alternatively, using console rather than the file option outputs nicely formatted data to the console. console output is readily human-readable
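
The raw data logged to perfstats.log is easier to use for tuning once it is filtered. The following is an added example, not part of the original article or of Snort itself: it reads the comma-delimited file and lists the intervals in which Snort dropped more than a given share of packets. It assumes the file begins with a '#'-prefixed header line naming the columns; the column names time and pkt_drop_percent and all sample values are constructed for illustration.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample of a perfmonitor raw-data file. Assumed layout: a
# '#'-prefixed header naming the columns, then one comma-delimited row per
# "time 300" interval. Column names and values are illustrative.
SAMPLE = """\
#time,pkt_drop_percent,wire_mbits_per_sec.realtime,alerts_per_second
1317988800,0.000,41.2,0.12
1317989100,0.310,88.7,0.40
1317989400,4.925,312.5,2.15
1317989700,0.000,39.8,0.09
"""

def read_perfstats(stream):
    """Yield one dict per interval, keyed by the header's column names."""
    header = None
    for row in csv.reader(stream):
        if not row or not row[0].strip():
            continue
        if row[0].startswith("#"):
            # A header can appear more than once (e.g. concatenated logs),
            # so re-read it each time instead of assuming a fixed layout.
            header = [row[0].lstrip("#").strip()] + [c.strip() for c in row[1:]]
            continue
        if header is None or len(row) != len(header):
            continue  # no header seen yet, or a truncated line
        try:
            yield {name: float(value) for name, value in zip(header, row)}
        except ValueError:
            continue  # non-numeric field: skip rather than guess

def dropping_intervals(stream, column="pkt_drop_percent", threshold=1.0):
    """Return (UTC time, drop %) for intervals where drops exceed threshold."""
    hits = []
    for rec in read_perfstats(stream):
        if rec.get(column, 0.0) > threshold:
            when = datetime.fromtimestamp(rec["time"], tz=timezone.utc)
            hits.append((when.strftime("%Y-%m-%d %H:%M:%S"), rec[column]))
    return hits

if __name__ == "__main__":
    for when, pct in dropping_intervals(io.StringIO(SAMPLE)):
        print(f"{when} UTC  dropped {pct:.3f}% of packets")
```

Intervals that show up here are the ones where Snort was not keeping up with traffic, which is where the flow and events statistics for the same timestamps are worth comparing.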




All site content, except where otherwise noted, is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.