Snort mailing list archives
Re: Question about hardware and software requirement for Snort 2.0.5
From: twig les <twigles () yahoo com>
Date: Wed, 3 Dec 2003 18:10:47 -0800 (PST)
My questions are: 1. How much memory and hard disk space do I need to monitor 4 vlans with 8 computers each? At least how much memory and hard disk space do I need for one vlan with 8 computers?
Depends on traffic, you're probably fine right now if you make this box a dedicated sensor.
2. How much processor speed do I need for the above-mentioned 4 vlans? Or at least for one vlan?
Depends on traffic. VLANs don't mean anything to snort.
3. What OS do you recommend?
FreeBSD 4.x. The 5.x line is not recommended for production yet and won't reach -stable for some months (probably).
3. If I want to use ACID what RDBMS should I use? I need some interface to see IDS alerts in real time. Or is there any other way to view alerts in real time?
You can just keep the log file that syslog is sending alerts to open with "tail -f". Or just get a dedicated viewer and dedicated sniffer. MySQL works fine, so does ACID.
4. Can somebody point me to or share real-life examples and configurations of snort for an ISP? Something like an ISP with 5000 users and a 10MB satellite connection.
I do the snort at a small ISP offering and have similar hardware. I'm also on FBSD. Admining those boxes is the biggest scam in the world since I basically do nothing but patch them every 6 months or so. They just sit there and run.
5. I thought snort is best for IDS. But is there any good alternative IDS which uses less CPU, memory?
Tweak the settings to use less memory. I'll point to the manual on that one since I haven't bothered with that in months.
6. Are there any other recommendations for running an IDS at an ISP?
No. I've worked with 2 commercial ones as well as snort and they sucked. Big, clunky, expensive, objectify-everything-in-GUI garbage. They play the "hide the helpful info" game too.
7. Do I need an IDS load balancer? If I do, how many IDS sensors do I need?
You have a lot of room to work with snort before you bother spending the money on a load balancer. De-couple the sensor from the database server then tinker for a couple of weeks before even looking at load balancers.
I'm asking a lot of questions at one time, but I really need to install and use IDS sensors and I hope somebody on this list can point me in the right direction.