Re: Best Enterprise Snort Configuration

[twig les <twigles () yahoo com>]

I love both Open and FreeBSD, but usually use Free for some
hardware support and SMP.  But that's beside my point which is
... run both!  This is R&D baby.  Have fun, check out RH 7.x,
BSDs, even Slowaris.  Then you can benchmark them and tell us
about it. :)


--- Ken Gunderson <kgunders () teamcool net> wrote:
> On Wednesday 12 February 2003 09:08 am, Paul Schmehl wrote:
> > On Wed, 2003-02-12 at 09:38, tfandango wrote:
> > > Good news, I have a go for a Snort R&D project to
> > > prove that Snort can handle the traffic that our
> > > current commercial $oftware does.
> > >
> > > So I have a few questions...
> > >
> > > What is the best enterprise setup?  I estimate that we
> > > will need about 60-70 sensors when it's all said and
> > > done.  For an R&D project, I figure that I will start
> > > with about 2 sensors running linux.
> >
> > Use FreeBSD.  There's a really nice setup guide on the
> Documentation
> > page that will walk you through the install and get you up
> and
> > running. FreeBSD is known to be the fastest OS when it comes
> to
> > handling network traffic, and that's what you'll be doing
> with snort.
> > My FreeBSD snort box is a 1.3GHz processor with 1GB of ram,
> and it
> > typically uses about 175MB of memory "running" and 350MB if
> I'm doing
> > something to the database.  And the box is running snort,
> mysql and
> > acid.
>
> FreeBSD rocks, but I think OpenBSD <http://www.openbsd.org>
> has it beat 
> by a slim margin on tcp/ip stack speed, and it has
> unparalleled track 
> record when it comes to security.  There used to be an paper
> by Dug 
> Song with some benchmarks at monkey.org comparing freebsd,
> linux, and 
> openbsd, but I am unable to find it at present, as it is
> apparently 
> "censored by the digital millemium copyright act".  fwiw, in
> this bench 
> both freebsd and openbsd smoked Linux by a margin of something
> like 
> 2:1, however, from what I understand the linux stack has
> improved quite 
> a bit.
>
> my $0.02
>
> -- 
> Best regards,
>
> Ken Gunderson
> PGP Key-- 9F5179FD
>
> "They that can give up essential liberty to obtain a little
> temporary
> safety deserve neither liberty nor safety."
>      -Benjamin Franklin, Historical Review of Pennsylvania.
>
>
> -------------------------------------------------------
> This SF.NET email is sponsored by:
> SourceForge Enterprise Edition + IBM + LinuxWorld = Something
> 2 See!
> http://www.vasoftware.com
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


=====
-----------------------------------------------------------
Know yourself and know your enemy and you will never fear defeat.         
-----------------------------------------------------------

__________________________________________________
Do you Yahoo!?
Yahoo! Shopping - Send Flowers for Valentine's Day
http://shopping.yahoo.com


-------------------------------------------------------
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See!
http://www.vasoftware.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users