Linux packet drops
2005-06-21 - By Benjamin Franz
On Tue, 21 Jun 2005, Sonali Gupta wrote:
>
> So, to summarize, we see packet drops in sniffing whenever there is disk
> I/O happening. We do not suspect the HDD of the machine, as we were able
> to simulate the problem in two other totally different systems also.
I'm not familiar with the internals of snort, but it sounds like simple I/O blocking on the log is causing you to miss packets at high speeds - possibly aggravated by insufficient buffering by your network interface card.
Is snort smart enough to capture packets in a separate thread/process than it is using to write the log and keep them fully asynchronous? If not, then you will have to work around the problem by logging somewhere else than the hard drive on the machine and using a separate process to move the logs to permanent storage asynchronously to snort's logging or use some other logging module.
A quick Googling on 'snort packet loss' produced a lot of likely hits.
This really sounds like a question for the Snort maillists over on snort.org anyway.
-- Benjamin Franz
Simple things should be simple, complex things should be possible. - Alan Kay
-- Taroon-list mailing list Taroon-list@(protected) http://www.redhat.com/mailman/listinfo/taroon-list
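The blocking effect discussed in this reply can be reproduced in a small deterministic model. This is an added example, not part of the original post and not Snort code; the function `simulate`, the tick model and all buffer sizes are constructed assumptions.

```python
def simulate(ticks, ring_size, stalls, queue_size=0, drain=4):
    """Count packets dropped at the NIC ring in a tick-based model.

    One packet arrives per tick. `stalls` is a list of (start, length)
    windows in which the log disk accepts no writes. queue_size == 0
    means the capture loop writes the log itself; queue_size > 0 means it
    hands packets to a bounded in-memory queue that a separate writer
    drains whenever the disk is available.
    """
    stalled = set()
    for start, length in stalls:
        stalled.update(range(start, start + length))
    ring = queue = dropped = 0
    for t in range(ticks):
        if ring < ring_size:          # packet lands in the NIC ring
            ring += 1
        else:                         # ring full: packet is lost
            dropped += 1
        disk_ok = t not in stalled
        if queue_size == 0:
            if disk_ok:               # capture blocked while disk is busy
                ring -= min(ring, drain)
        else:
            if disk_ok:               # writer flushes queued packets
                queue -= min(queue, drain)
            moved = min(ring, drain, queue_size - queue)
            ring -= moved             # capture keeps emptying the ring
            queue += moved
    return dropped


if __name__ == "__main__":
    stall = [(100, 200)]              # constructed: one 200-tick disk stall
    print("synchronous logging :", simulate(1000, 64, stall))
    print("async, queue of 256 :", simulate(1000, 64, stall, queue_size=256))
    print("async, queue of 100 :", simulate(1000, 64, stall, queue_size=100))
```

The third case shows that decoupling capture from logging only prevents drops while the staging buffer is large enough to absorb the longest disk stall.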