FreeBSD tuning for Snort?


Post by mrmr » Thu, 14 Mar 2002 03:42:58



I have read on the list that Snort doesn't use the underlying OS's TCP
stack.

I have been reading the 'man tuning' stuff on FreeBSD 4.4 on a Compaq 2 x
600MHz w/512M RAM, a ZNYX quad Ethernet card (using ZNYX's driver rather
than the DEC driver), and a Smart Array Controller 4200 with write cache
enabled (the data center is UPS & generator protected, and there is a
battery on the array controller, so I don't worry about lost
writes).

The system is running three sensor instances of Snort + MySQL, and I am
using a BPF filter to ignore within-segment traffic (not (src net 192.168.x and dst
net 192.168.x)) to reduce what Snort has to examine.

Are there any other suggestions for tuning FreeBSD?  Is there any contention
when using the same driver for multiple Snort NIC interfaces as opposed to
using different NICs and drivers?  Are the network interface drivers
typically multithreaded?