Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Notes regarding success with snort 2.0 on low end hardware

From: Matt Kettler <mkettler () evi-inc com>
Date: Mon, 09 Jun 2003 20:45:25 -0400
I just got done upgrading my snort box to merely "low end" instead of "really low end" hardware. However, I thought some of you might find it interesting that I was successfully running snort 2.0 on an old box with relatively low packet loss (just under 0.1%) sniffing a modestly loaded 2mbit symmetric connection.
I had set up snort by disabling conversation and portscan2, used the lowmem config option and the -k none command line parameter and tuned the ruleset slightly. The process consumed a relatively meager 13mb of ram.
I had been running this snort setup on a Pentium-133 console-only OpenBSD box, with 64mb of ram, and a realtek chipset NIC.
So despite having an inefficient NIC, low end cpu and low ram, snort ran reasonably well, although it was missing a few packets here and there. Not too shabby for such a low-end system. Kudos to Marty, Chris and the others for making snort 2.0 still usable on the low-end setups.
Now I've got it running on a 400mhz PII w/128mb and a better NIC, which is still low end, but it's not nearly as laughable. 



-------------------------------------------------------
This SF.net email is sponsored by:  Etnus, makers of TotalView, The best
thread debugger on the planet. Designed with thread debugging features
you've never dreamed of, try TotalView 6 free at www.etnus.com.
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: