performance of snort vs suricata with iozone
 

Hi all..

I want to compare performance of 2 systems that using snort and suricata.

I have install snort in an Ubuntu system and suricata in another Ubuntu.

how can i test with "iozone" that witch one of these IDSes have better performance on the system?

In fact,I want to know how to use iozone (which options of iozne should be use) to have better output of this comparison.

may you help me????

Iozone is a file system benchmark, and snort is an IDS. You probably would want to use a packet generator to test the IDS performance.

I know that , I am sending packet to the system with packet generator , and I want to get system benchmark of a system that running IDS on it. in fact I want to check that analyzing packets with an IDS have how much influence on system ideally working?

I would guess it only will have a slight effect on disk IO. You can view disk IO in "atop" A gigabit interface loaded with traffic is not enough to slow a modern PC system. But I don't know how you could adapt iozone to use disk activity under ids testing instead of its own routines.