Snort mailing list archives
RE: Question about best hardware
From: "Kreimendahl, Chad J" <Chad.Kreimendahl () umb com>
Date: Fri, 5 Mar 2004 12:07:26 -0600
Hardware won't be your problem. Once you get around 100k events in the snortdb on MySQL you'll run into major performance problems that almost no amount of hardware seems to solve. If you don't have issues relating to how long you legally have to keep that data, then I recommend purging what you can.

-----Original Message-----
From: M. Morgan [mailto:mikemorgan () mindspring com]
Sent: Friday, March 05, 2004 11:18 AM
To: Mike Cohen; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question about best hardware

Hi Mike,

I'm sure you'll get a lot of different replies, but I'm going to give you the specs on my IDS server and you can work from that if you like.

I use a simple P4 2.4, ASUS motherboard with 720mb of PC 3700 DDR RAM, 80GB IDE drive for a MySQL server. I have 3 remote snort boxes writing to this database and it works flawlessly. The only time it really has to do any performance is when I'm looking through the events with snortcenter, and it does very well at that.

I know you're looking into a RAID setup, but something around the same performance as mine should be fine. I've run it on a lot less, but I had to be more patient when looking through the database too.

I also recommend Sentinix Linux as the OS to use; it will save you *a lot* of setup time and has no desktop GUI overhead on the server (you can use webmin if you want a GUI). www.sentinix.org

have fun,
Michael

-----Original Message-----
From: Mike Cohen <mike () antropyinc com>
Sent: Mar 4, 2004 1:54 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Question about best hardware

Hi Folks,

I am a beginning snort user, and I have been asked to spec a production snort server to do the following:

Monitor all traffic in and out of a relatively busy Mail Server (300 users). The mail server is on a gigabit link and is usually at about 300mbs average usage; it rarely gets super saturated. I will be storing the logs on the snort box itself and I have to use a hardware RAID solution.

I am told I must spec an HP brand server and I have the following questions.

1. I thought I remembered reading that Opterons have an advantage when trying to sniff gigabit traffic, but I have never used an Opteron, and as an intermediate Linux user I'm not entirely confident trying to force Linux to work on a new architecture. Are there any problems with Linux and snort on an Opteron?

2. How much memory do I need? I spec'd 1gb; is this sufficient for high usage?

3. Which distro is best for an intermediate level Linux user?

I know that there is no cut and dry answer to this question, but if anyone has any insight on using snort on a RAID 1 box, using an Opteron on gigabit, please chime in. If anyone has any other insights as to recommended hardware please let me know.

Thanks.

-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.
http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
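The purge recommended in the reply above, sketched as an added example that is not part of the original thread or of Snort itself. It assumes a reduced stand-in for the Snort database layout (an `event` table plus per-event child tables keyed by `sid` and `cid`), uses SQLite in place of MySQL so it runs offline, and works on constructed sample rows.

```python
import sqlite3
from datetime import datetime, timedelta

# Assumption: per-event child tables keyed by (sid, cid); reduced stand-in schema.
CHILD_TABLES = ("iphdr", "tcphdr", "data")
TS_FMT = "%Y-%m-%d %H:%M:%S"


def build_sample_db(now, n_events=1000):
    """Constructed data: one event per hour going back from `now`, sensor sid=1."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE event (sid INT, cid INT, signature INT, "
               "timestamp TEXT, PRIMARY KEY (sid, cid))")
    for t in CHILD_TABLES:
        db.execute(f"CREATE TABLE {t} (sid INT, cid INT, PRIMARY KEY (sid, cid))")
    for cid in range(1, n_events + 1):
        ts = (now - timedelta(hours=n_events - cid)).strftime(TS_FMT)
        db.execute("INSERT INTO event VALUES (1, ?, 1, ?)", (cid, ts))
        for t in CHILD_TABLES:
            db.execute(f"INSERT INTO {t} VALUES (1, ?)", (cid,))
    db.commit()
    return db


def purge_older_than(db, cutoff, batch=200):
    """Delete events older than `cutoff`, with their child rows, in small batches."""
    purged = 0
    while True:
        keys = db.execute(
            "SELECT sid, cid FROM event WHERE timestamp < ? LIMIT ?",
            (cutoff.strftime(TS_FMT), batch),
        ).fetchall()
        if not keys:
            return purged
        # One short transaction per batch: child rows and the event row go together,
        # so a stopped run leaves no header or payload rows without their event.
        for t in CHILD_TABLES + ("event",):
            db.executemany(f"DELETE FROM {t} WHERE sid = ? AND cid = ?", keys)
        db.commit()
        purged += len(keys)


def row_counts(db):
    """Rows left in each table, to confirm parent and child tables stay in step."""
    return {t: db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
            for t in ("event",) + CHILD_TABLES}


if __name__ == "__main__":
    now = datetime(2004, 3, 5, 12, 0, 0)
    db = build_sample_db(now)
    print(purge_older_than(db, now - timedelta(days=30)), row_counts(db))
```

The retention window (30 days here) is a placeholder; set it from whatever legal retention period applies, as the reply notes.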
Current thread:
- Question about best hardware Mike Cohen (Mar 04)
- Re: Question about best hardware Michael Sconzo (Mar 04)
- <Possible follow-ups>
- Re: Question about best hardware M. Morgan (Mar 05)
- RE: Question about best hardware Kreimendahl, Chad J (Mar 05)
- RE: Question about best hardware Jason Haar (Mar 07)
- RE: Question about best hardware Josh Berry (Mar 08)
- Re: Question about best hardware Michael Stone (Mar 09)
- RE: Question about best hardware AJ Butcher, Information Systems and Computing (Mar 09)
- RE: Question about best hardware Josh Berry (Mar 10)
- RE: Question about best hardware AJ Butcher, Information Systems and Computing (Mar 11)
- RE: Question about best hardware Jason Haar (Mar 07)
- RE: Question about best hardware Josh Berry (Mar 10)