Linux-News Linux news from the Blogosphere

Use Profiling to Improve Snort Performance

By News, October 7, 2011. Posted in: Article, Howto, Submitted

Snort, the open source intrusion detection and prevention system (IDS/IPS), can be a fabulous tool to protect your network from attack – if it’s set up correctly. If it’s not, it can cause network traffic and performance problems. Here’s a rundown of how to use Snort’s built-in profiling tools to tune your setup and improve Snort’s performance.

Snort is generally used to monitor and analyze incoming network traffic, to detect potential probes and attacks of various sorts. Whilst the main powerhouse of Snort is the detection engine, not all attacks can be identified here, so it also has an array of preprocessors that either look at packets themselves or modify traffic before passing it to the detection engine. Obviously, this kind of analysis takes some system resources, and Snort can cause delays in your network traffic if it is not performing well. Inevitably, tuning Snort forces you to balance between the risk of intrusion and maintaining a smoothly functioning network, but by monitoring performance and tuning it carefully to your own systems and requirements, you can do your best to maximize both.

Snort provides its own performance monitoring tool, perfmon, as a preprocessor, with a long list of options. You can start using perfmon by adding a line to snort.conf:

preprocessor perfmonitor: time 300 flow events snortfile perfstats.log

flow shows statistics about the type of traffic and protocols that Snort is seeing; events shows statistics about how many rules were evaluated and matched, and how many were evaluated and did not match. The file and snortfile options both log raw data to a file, and each takes a file name as its argument, so use one or the other: snortfile, used here, writes perfstats.log in the Snort log directory, whereas file writes to the path you give it. Alternatively, using console rather than the file option outputs nicely formatted data to the console. console output is readily human-readable
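
Once perfstats.log is being written, the raw data can be scanned for sampling intervals in which Snort fell behind and dropped packets. The script below is an added example, not part of the original article: it assumes the log carries a '#'-prefixed header line naming its columns and that those include time and pkt_drop_percent (check the header your Snort version writes), and the sample data is constructed.

```python
import csv
import io

# Constructed sample of a perfmonitor raw log (not real Snort output).
# Assumption: a '#'-prefixed header names the columns, and the columns
# "time" (epoch seconds) and "pkt_drop_percent" are among them.
SAMPLE_LOG = """\
#time,pkt_drop_percent,wire_mbits_per_sec.realtime,alerts_per_second
1317988800,0.000,42.100,0.020
1317989100,0.310,88.700,0.050
1317989400,7.250,412.900,0.010
1317989700,bad,1.0,1.0
1317990000,2.100,230.400,0.000
"""


def read_intervals(stream):
    """Yield one dict per sampling interval, keyed by the header's column names."""
    header = None
    for row in csv.reader(stream):
        if not row:
            continue
        if row[0].startswith("#"):
            # Tolerate repeated headers: always use the most recent one.
            header = [name.strip().lstrip("#") for name in row]
            continue
        if header is None or len(row) != len(header):
            continue  # data before any header, or a truncated line
        yield dict(zip(header, row))


def drop_spikes(stream, threshold=1.0, column="pkt_drop_percent"):
    """Return (time, drop %) for intervals where more than threshold % was dropped."""
    spikes = []
    for interval in read_intervals(stream):
        try:
            dropped = float(interval[column])
            when = int(interval["time"])
        except (KeyError, ValueError):
            continue  # column missing or value unparsable
        if dropped > threshold:
            spikes.append((when, dropped))
    return spikes


if __name__ == "__main__":
    for when, pct in drop_spikes(io.StringIO(SAMPLE_LOG)):
        print(f"{when}: {pct:.2f}% of packets dropped in this interval")
```

Intervals that show up here are the ones in which the sensor was not inspecting all traffic, so they are the first place to look when deciding which rules or preprocessors to tune.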




All site content, except where otherwise noted, is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.