To tune the performance of a computer running Snort, another IDS, or network monitoring on Ubuntu (Linux), you can adjust the system to save on system resources.
System Performance - Hardware
One of the best tweaks is to give your computer as much memory as possible and to use SATA hard drives. Linux, like Windows, performs better with more memory and a separate hard drive for the swap file.
Disabling atime to boost performance 35% - 45%
Linux writes access times to files each time they are read. This tweak disables atime and diratime updates. Very few programs use this feature. All IDS systems write log files with times and dates. To perform this tweak, complete the steps below as the administrator (root).
- Start a terminal.
- Switch to root using the "su -" command.
- Back up your fstab: "cp /etc/fstab /etc/fstab.old".
- Open /etc/fstab in the editor of your choice. Issue the command "nano /etc/fstab", "kate /etc/fstab", or "gedit /etc/fstab".
- Locate the partitions that contain your / and /home file systems, as well as any other file system you want to optimize. Examples are /dev/hda2 and /dev/hda3, or /dev/sda2 and /dev/sda3.
- The fourth field of each entry is the options section of the fstab.
- Enter ",noatime,nodiratime" after the existing options for each partition you want to speed up.
- Save the fstab file.
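A dry run of the fstab edit described in the steps above, as an added example that is not part of the original article. The helper name add_noatime is hypothetical and the sample fstab is constructed for illustration; the function only prints the modified copy and never writes to the file it reads.

```sh
#!/bin/sh
# add_noatime FSTAB MOUNTPOINT...
# Print FSTAB with noatime,nodiratime appended to the options (4th field)
# of each listed mount point. The input file itself is never modified.
add_noatime() {
    fstab=$1; shift
    awk -v targets="$*" '
        BEGIN {
            OFS = "\t"   # rewritten entries are re-joined with tabs
            n = split(targets, t, " ")
            for (i = 1; i <= n; i++) want[t[i]] = 1
        }
        # Comments, blank/short lines and other mount points pass through.
        /^[ \t]*#/ || NF < 4 || !($2 in want) { print; next }
        {
            have_a = have_d = 0
            m = split($4, o, ",")
            for (i = 1; i <= m; i++) {
                if (o[i] == "noatime")    have_a = 1
                if (o[i] == "nodiratime") have_d = 1
            }
            # Append only what is missing, so re-running changes nothing.
            if (!have_a) $4 = $4 ",noatime"
            if (!have_d) $4 = $4 ",nodiratime"
            print
        }
    ' "$fstab"
}

# Constructed sample fstab (not from the article), used for the dry run.
sample_fstab() {
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda2  /      ext4  errors=remount-ro  0 1
/dev/sda3  /home  ext4  defaults,noatime   0 2
/dev/sda1  none   swap  sw                 0 0
EOF
}

tmp=$(mktemp)
sample_fstab > "$tmp"
add_noatime "$tmp" / /home   # review this output before editing /etc/fstab
rm -f "$tmp"
```

Options in /etc/fstab are applied when a file system is mounted, so the change takes effect at the next mount, for example after a reboot.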
Throttle Indexing Speed
To have Ubuntu's Tracker use less CPU:
Go to System | Preferences | Indexing Preferences
At this point, you can turn off indexing by unchecking the "Enable indexing" option in the open window. In this same window, you can click the Performance tab to index more slowly if you need indexing. Use the slider bar to slow indexing. Make sure the minimize memory usage option is checked if you leave indexing on. You can also uninstall Tracker by opening a terminal and running the following:
sudo apt-get remove tracker tracker-search-tool tracker-utils
The above command removes Tracker and increases the speed of Ubuntu.