Re: Best Enterprise Snort Configuration

[Paul Schmehl <pauls () utdallas edu>]

On Wed, 2003-02-12 at 09:38, tfandango wrote:
> Good news, I have a go for a Snort R&D project to
> prove that Snort can handle the traffic that our
> current commercial $oftware does.
>
> So I have a few questions...
>
> What is the best enterprise setup?  I estimate that we
> will need about 60-70 sensors when it's all said and
> done.  For an R&D project, I figure that I will start
> with about 2 sensors running linux.

Use FreeBSD.  There's a really nice setup guide on the Documentation
page that will walk you through the install and get you up and running. 
FreeBSD is known to be the fastest OS when it comes to handling network
traffic, and that's what you'll be doing with snort.

My FreeBSD snort box is a 1.3GHz processor with 1GB of ram, and it
typically uses about 175MB of memory "running" and 350MB if I'm doing
something to the database.  And the box is running snort, mysql and
acid.

Check out demarc.  They say it's really nice for a distributed snort
environment like you're talking about.  http://www.demarc.com/

-- 
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member



-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users