Snort mailing list archives
RE: Minimum hardware config for Snort
From: "Sheahan, Paul" <Paul.Sheahan () priceline com>
Date: Fri, 8 Aug 2003 15:55:23 -0400
Thanks for the response. Here is an example of the factors in my environment: - Gig network with up to 100mb/s traffic - Running on Red Hat Linux 7 - Will most likely be on an Intel platform (Compaq) - Will only have 50% of the default rules enabled plus some of my own - All preprocessors enabled (at least that is the initial plan) - Outputs will most likely be to log only, but MAY be going to ACID - Prefer no packet loss - No other services running (this will be a dedicated sensor box) Any recommendations on hardware in this example? Thanks again, Paul -----Original Message----- From: Schmehl, Paul L [mailto:pauls () utdallas edu] Sent: Friday, August 08, 2003 3:09 PM To: Snort List (E-mail) Subject: RE: [Snort-users] Minimum hardware config for Snort There *is* no such thing. It depends entirely upon a number of factors which cannot be arithmetically determined. How much bandwidth do you have? How much of that bandwidth do you intend to monitor with snort? What OS are you going to run snort on? What processor (Intel, Sun, Alpha, etc.) How many of the rules will you have enabled? How many of the preprocessors (like portscan2, rpc_decode, frag2, http_decode, etc.) will you enable? How many outputs will you use (log, barnyard, database, etc.)? How much packet loss is acceptable? What other services will be running on the box? Etc., etc., etc. It's a question that cannot be answered except by trial and error. Tell us what you intend to use it for *in detail*, and *someone* on the list will have similar parameters and be able to share their experiences, which will be helpful, but not definitive. Paul Schmehl (pauls () utdallas edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu/~pauls/
-----Original Message----- From: Sheahan, Paul [mailto:Paul.Sheahan () priceline com] Sent: Friday, August 08, 2003 1:19 PM To: Snort List (E-mail) Subject: [Snort-users] Minimum hardware config for Snort Can anyone point me to a minimum recommended hardware config for a Snort sensor (processor, memory and disk etc)?
------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Minimum hardware config for Snort Sheahan, Paul (Aug 08)
- Re: Minimum hardware config for Snort Bennett Todd (Aug 08)
- <Possible follow-ups>
- RE: Minimum hardware config for Snort Schmehl, Paul L (Aug 08)
- RE: Minimum hardware config for Snort Sheahan, Paul (Aug 08)
- Re: Minimum hardware config for Snort Bennett Todd (Aug 08)
- RE: Minimum hardware config for Snort Paul Schmehl (Aug 10)
- RE: Minimum hardware config for Snort Sheahan, Paul (Aug 08)