Snort mailing list archives
RE: Hardware requireds...
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 2 Oct 2001 17:50:56 -0700 (PDT)
On Wed, 3 Oct 2001, Franki wrote:
what sort of bandwidth would a 1.4gig athlon 512mb and 60gig ATA100 7200rpm IBM drive 2x10/100 nic's running 2.4.x linux be able to handle with a fairly normal ruleset??
Your first bottleneck will be the disk sub-system. What _type_ of NIC? Intel Pro's seem to have a rather good following...
we have 2 or 3 networks that I'd like to set snort up on,, (or possibly prelude,, dunno yet, testing will tell.) and I want to know roughly what sort of machine is suitable for what amount of traffic its monitoring..
What is the sustained transfer rate of all the nets combined? That's important.
We have a couple of the above listed machines here that are not currently doing anything else and I was wondering how well they would fair... I suppose the hard disk and ram would be the letdowns????
HD Yes. RAM No. Hell, I've seen Snort kick some serious ass on a Sparc 5 (70mhz) off of a T1. It got a sustained 20-40mbs and did just fine.
anyway, if anyone has that sort of machine running as a snort server, what sort of connection do you monitor and is your machine handling the load ok???
Well, lets say that in the real world, I can't talk about it. ;-) In the "TEST LAB" I've had a Sparc E450 sucking packets from 10 (440R's). Using a GB and 100mb interface, it does just dandy. Of course, YMMV depending on users habits, how you tune your rules, etc... It's almost a crap shoot. :) Roll one of those out and see what it does. I would honestly suggest Free or OpenBSD on it though. TCP/IP stack has a better performance than Linux--Or maybe I'm just biased. ;-} Good Luck! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Hardware required for monitoring a DS3 SecLists (Oct 02)
- Re: Hardware required for monitoring a DS3 Erek Adams (Oct 02)
- Re: Hardware required for monitoring a DS3 bthaler (Oct 02)
- Re: Hardware required for monitoring a DS3 brandon (Oct 02)
- Re: Hardware required for monitoring a DS3 Erek Adams (Oct 02)
- Re: Hardware required for monitoring a DS3 brandon (Oct 03)
- RE: Hardware requireds... Franki (Oct 02)
- RE: Hardware requireds... Erek Adams (Oct 02)
- Re: Hardware required for monitoring a DS3 Erek Adams (Oct 02)