Snort mailing list archives
Re: Snort on a 486 ?
From: Saad Kadhi <saad () docisland org>
Date: Wed, 15 Jan 2003 19:36:39 +0100
On Wed, Jan 15, 2003 at 09:44:07AM -0500, Bennett Todd wrote:
2003-01-15T02:51:45 Hilton De Meillon:will snort be able to run on a 486?I'd expect so.Will it be fast enough to monitor a 128k line?Mostly, probably. I'd expect two possible issues. First, there's memory footprint. With 1.9.0 and little tuning in the sigs, I routinely see >>16MB VM and a working set over 5MB; with lots of traffic and spp_portscan2 enabled, it's not uncommon to see that memory footprint climb over 64MB. Olde 486-vintage machines are often found with 4-8MB of RAM. That's liable to make you unhappy. A thrashing snort probably won't work at all. If you can get the 486 box up to 16MB of RAM, and if you disable portscan2 and conversation, and you don't run much else that eats RAM on this box, that should address that issue.
just fyi, the last time I tried to load an openbsd on a 486 box (was then a 2.9), I had a hell of a time getting to install with 16MB (MAKEDEV all was the culprit) and even afterwards, it was *hum* rather slooooow (custom kernel, every bit of unneeded stuff left out). maybe it is possible to install an old distro of a linux/*bsd distro that will be happy with 16MB of RAM.
It can be done, with care, but is it worth it? You ought to be able to get something substantially newer for $50 off eBay, I'd expect.
agreed. get newer hardware. it won't cost you much and it will save you sweat :). but what you are attempting to do sound like a good "snort benchmarking and tuning" project. cheers. -- Saad Kadhi -- [saad () docisland org] [saad.kadhi () hapsis fr] [pgp keyid: 35592A6D http://pgp.mit.edu] [pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D] --- ------------------------------------------------------- This SF.NET email is sponsored by: A Thawte Code Signing Certificate is essential in establishing user confidence by providing assurance of authenticity and code integrity. Download our Free Code Signing guide: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0028en _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort on a 486 ? Hilton De Meillon (Jan 15)
- Re: Snort on a 486 ? Erek Adams (Jan 15)
- Re: Snort on a 486 ? Bennett Todd (Jan 15)
- Re: Snort on a 486 ? Saad Kadhi (Jan 15)
- <Possible follow-ups>
- RE: Snort on a 486 ? Hicks, John (Jan 15)