Snort mailing list archives

Re: OS options to monitor traffic over a 1GiB and 10 GiB


From: waldo kitty <wkitty42 () windstream net>
Date: Tue, 03 Jul 2012 01:23:41 -0400

On 7/2/2012 01:45, C. L. Martinez wrote:
> Many thanks to all for your answers ... From the hardware side I think I
> have got all pretty clear, but my question is about the OS to use: BSD or
> Linux distro ... According to your answers, most people use a Linux distro
> with PF_RING, but has nobody tried to use FreeBSD or OpenBSD to
> accomplish this??

the key here is to test for what suits your network's needs... while you might 
have a 100MB feed, the traffic might not need as much monitoring machine as 
other 100MB feeds... it all depends on the traffic and the rules that are 
enabled... generally speaking, the more rules enabled, the more muscle your 
monitoring machine(s) need... there is no hard and fast rule... every network 
and ISP provider is different... you have to test and tune your IDS/IPS 
solution to your network... period...

sorry if that sounds "harsh" but it is one of the basic truths of IDS/IPS 
integration...


