Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: FreeBSD or NetBSD for a sensor

From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 25 Jul 2002 14:33:49 -0400
The speed of the TCP/IP stack won't matter for snort, since snort is a pcap level system. It will matter if you do remote logging via tcp/ip (ie: via sql or redirected syslog), but for a simple local-logging snort box, it won't make a bit of difference.
From the viewpoint of snort itself all three of these OS's should be pretty close to the same for speed of picking up packets off the wire. It might be interesting to test, but my bets would be the overall performance differences between these three would be minor and mostly the result of slightly different disk IO handling.
Personally I run snort on OpenBSD, since a high degree of intrusion resistance is a necessity for the snort setup I'm running. For an "inside the firewall" snort box this is a lot less of an issue. 

At 10:38 AM 7/25/2002 -0700, spyguy wrote:

No OS wars please. Just real advice and logic.
Which OS would be ideal? I can use either. I am comfortable with either.

Didn't some make a claim that FreeBSD has faster stack?
I am aware that OpenBSD is secure and every line of code reviewed...


-spyguy




-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing real-time communications platform! Don't just IM. Build it in! http://www.jabber.com/osdn/xim 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: