High-Performance Installation Reccomendations for Snort?

[Ryan Hill <rhill () xypoint com>]

All,

After spending quite some time with an extremely stable RH 7.2, snort,
mysql, apache and demarc combination with two sensors, I've decided that I'd
like to expand my sensor network to between 4 and 6 sensors (migrating to a
new machine) running on a low to moderately busy 10/100 switched network.  

Because of this, I fear that Linux may not be able to keep up with the
overhead and stay running smoothly, so I'm soliciting opinions from the list
(in public or private) on your reccomendations for an optimum server
configuration.

Planned Hardware Specs
PIII 933
384 MB RAM
40 GB ATA 100 IDE
1 Intel NIC (on-board)
2 Quad Ethernet Port PCI Cards

Planned Software Specs
FreeBSD 4.5
Custom compiled kernel with ip-chains support for the management NIC.
Snort
MySQL
Apache
Demarc

Since I've performed exactly 3 FreeBSD installs ever (all in lab
environments), any and all tips and reccomendations for configuration of the
OS, Snort or the DB backend would be greatly appreciated.

Regards,

Ryan Hill, MCSE 
Manager, Technical Support (aka IT Ninja)
Corporate Information Systems
TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users