Snort mailing list archives

Re: Considering using snort


From: Guy <wyldfury () gmail com>
Date: Fri, 21 Aug 2009 16:00:18 +0100

Hi Mark,

2009/8/21 Mark W. Jeanmougin <mark.jeanmougin () cchmc org>:
> Guy,
> It depends on traffic load, application load, hardware specs, acceptable
> overhead, rule set, and all kinds of things that I probably haven't even
> thought about.
>
> But, I think you've answered the question in your post.  If you've been
> running snort on your load balancer, and you're basically happy with
> performance, then it sounds like the performance impact is acceptable.

On the load balancers it's definitely acceptable. It's our mail
gateways that I'm hesitant to experiment on.

They process about 100000 connections/messages each every day. They're
commodity boxes with single CPU quad cores with 2 disks in RAID 1 and
8GB RAM. At the moment the load average on top seldom goes above 1.

I'd pretty much like to know whether Snort's overhead tends to be
fairly consistent across different types of network traffic. If it
does, then there's little chance of it being a problem on the mail
gateways and I'll give it a go.

-- 
Don't just do something...sit there!
