Snort mailing list archives

Re: Snort Hardware Selection and Fiber/Copper Taps


From: Alex Tatistcheff <alex.tatistcheff () gmail com>
Date: Wed, 4 Nov 2009 09:01:32 -0700

That "funding not an issue" statement is what's pushing some to recommend 3D
appliances.  You can spend as much as you want on a Snort box and you will
never have the capabilities available in a 3D appliance - i.e. Realtime
Network Awareness.  It's hard to overstate the importance of this capability
in an IDS/IPS.

Alex Tatistcheff
alext () pobox com

-- When a convicted terrorist was sentenced to face Jack Bauer, he appealed
to have the sentence reduced to death.




On Thu, Oct 29, 2009 at 12:46 PM, Chan, Wilson <wchan () honolulu gov> wrote:

 I'm looking at spec’ing out some new servers for my Linux (CentOS) Snort
boxes. If funding was not an issue what would you buy?



Q: Snort is not multi-threaded so does it make sense to buy a rack mount
server with multiple cpus?



Q: How much ram should be allocated per server for 32bit snort on linux? If
I go over 4Gb I would have to use a PAE kernel. How much ram can Snort use?



Q: Ntap fiber to copper aggregators for gigabit links or Ntap fiber to
copper traditional taps (Outputs Tx and Rx per copper port)?



Q: If I decide to use the traditional taps do you run two processes of
snort for each TX and RX or do you bridge the two interfaces and run just
one snort process? What is best to do in this scenario? Thanks!





*Wilson*




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
