This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Much slower IPS performance in 9.1x

Hi,

I just up2date'd from 9.006 to 9.105, and I'm seeing much lower throughput.

Previously, I was getting 65mbps from LAN->DMZ, and was easily able to max out my FiOS Internet connection (25mbps down).

Those tests were on 7.509, but I was still easily maxing out my 25mbps connection on 9.0x.

However, after the up2date to 9.105, I am now only getting 16mbps. 'top' and 'htop' show a snort thread using 97% of the CPU.

The CPU is an Atom n270 (single core + HT).
RAM is 2GB;

This thread was automatically locked due to age.

Parents

0 BarryG over 11 years ago

I think something more is going on than just the increase in rule count... I disabled most of the Attack Pattern groups; now at 505 of 17390 patterns, and CPU usage is 88% at 24mbps down and 25% at 6mbps up.

(This is an improvement in throughput, but it doesn't look like I'll be able to hit 65mbps like I was able to before (and I had 5386 rules active before).)

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BarryG over 11 years ago

I think something more is going on than just the increase in rule count... I disabled most of the Attack Pattern groups; now at 505 of 17390 patterns, and CPU usage is 88% at 24mbps down and 25% at 6mbps up.

(This is an improvement in throughput, but it doesn't look like I'll be able to hit 65mbps like I was able to before (and I had 5386 rules active before).)

Barry
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data