Snort mailing list archives
Re: hardware requirements
From: Wes Young <wcyoung () buffalo edu>
Date: Mon, 10 Jan 2005 10:45:52 -0500
Want to watch some hard-core bw, with no dropping of packets...?

I'm working on a setup right now with an ENDACE DAG card... kinda pricey... (www.endace.com), but if you have the resources... I would start there... it's kind of difficult to set up, but if you read the manual step by step... and understand how the card works with libpcap... you'll be able to monitor tons of traffic with no performance issues on the box. Also, from what I am told, you can get a daughter card that will run snort right on the card (again, if you have the resources...) to offload the CPU...

Dropping packets is a mix of rules and hardware... some of the pcre rules will slow you down and cause you to drop on normal cards... just a trial and error for what you would like to watch on your network if you stick with conventional cards... use the perf. monitor preprocessor and 'pmgraph.pl' script (google it) to see what your stats look like, tweak as necessary...

Rich Adamson wrote:
|> Greetings, I would like to know if anyone has any hardware recommendations to run SNORT on.
|> Specifically I'm looking to put a GigE NIC in a box and would like to know how fast a CPU and memory etc etc.
|
| Just about any box will work, however what you really want to know
| is... at what level of traffic will snort begin to drop packets.
| In other words, it's traffic volume dependent, not GigE dependent.
|
| I've got several Win32 boxes running just fine on boxes that came
| with GigE ports, but the traffic volumes at those locations are so
| low that snort could have been using a 10meg port.

--
Wes Young
Network Security Analyst
University at Buffalo
GPG Key: http://saxjazman9-security.blogspot.com/2005/01/gpg-key.html

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users