Snort mailing list archives

Question about hardware needs


From: "Robert Casto" <robert () cincijava com>
Date: Mon, 3 Mar 2003 14:33:37 -0500

I am setting up Snort to watch a web server that is an 8 processor
Compaq. The 100 Meg line that I will be listening to will be pretty full
most of the time. I was wondering what would be needed for the Snort
machine to handle an almost saturated 100 M Ethernet line? I am thinking
of a dual processor 2.4 GHz with 2 Gig of memory running SuSE 8.1 along
with some 15k RPM drives. Is this a major overkill? So far in all of my
testing Snort has yet to lose a single packet. What kind of hardware
will I need to keep up with this much traffic?

NOTE: I will be processing the logs that are created on the same
machine. Essentially stripping out information and keeping the parts of
the TCP streams I need for logging purposes and further analysis.

Thanks in advance!

Robert Casto 
Tel (513) 755-2221 
Cell (513) 349-5282 
robert () cincijava com 
http://www.cincijava.com


