Increase the Performance of an IDS or Network Security Monitor on Ubuntu
written by: Steve Mallard•edited by: Ronda Bowen•updated: 7/4/2011
Running Snort, IDS or Network Monitor on Ubuntu? Many Enterprise locations use Linux or Ubuntu to run IDS or intrusion software on their networks. IDS systems usually hit the system resources of even the most powerful Linux machines. To speed up the systems, use the following tips.
slide 1 of 2
In order to tweak the performance of any computer running SNORT, other IDS or network monitoring on Ubuntu (Linux), you can tweak out your system to save on system resources.
System Performance - Hardware
One of the best tweaks is to load your computer down with as much memory as possible and to use SATA harddrives. Linux like Windows performs better with memory and a separate hard drive for the swap file.
Disabling ATime to boost performance 35% - 45% .
Linux writes times to files. This tweak disables atime and diratime. Very few programs use this feature. All IDS systems write log files with times and dates. In order to perform this tweak, complete the steps below as the administrator (root).
Start a terminal.
Switch to root using the “su -" command.
Backup your fstab - “cp /etc/fstab /etc/fstab.old".
Open your /etc/fstab in the editor of your choice. Issue the command “nano /etc/fstab", “kate /etc/fstab", or “gedit /etc/fstab".
Locate the partitions that contain your / and /home file systems, as well as any other file system you want to optimize. Other Examples are : /dev/hda2 and /dev/hda3, or /dev/sda2 and /dev/sda3.
In the fourth section you will see the options section of the fstab.
Enter “,noatime,nodiratime" after the existing options for each partition you want to speed up.
Save the fstab file.
Throttle Indexing Speed
In order to have Ubuntu's Tracker use less CPU (utilization):
Go to System | Preferences | Indexing Preferences
At this point, you can turn off indexing by unchecking the "Enable indexing" option in the open window. In this same window, you can click the performance tab to index slower if you need indexing. Use the slider bar to slow indexing. Make sure the minimize memory usage is checked if you leave indexing on. You can also uninstall Tracker by going to terminal and doing the following:
The above command removes tracker and increases the speed of Ubuntu.
slide 2 of 2
Ubuntu is one of the best, well written Linux distributions on the market. Ubuntu keeps tweaking and upgrading creating a better product. Enterprise level information technology departments are beginning to adopt this distribution. Just like Microsoft's Windows or any other Linux product, there will always be tweaks to increase system performance.