Gigabit IDS

[Tony.Williams () ci austin tx us]

Hey Guys,

I recently picked up a Dell Poweredge 1750 at work for a pilot test using
snort as our enterprise IDS.  The specs on the box are Dual Xeon 3.06Ghz
Procs, 2gig mem, 15k rpm scsi drives in a raid 5 configuration and dual
intel fiber gig nics.  I've been doing some studying and I want to leverage
our current microsoft sql database backend for logging.  I saw that barnyard
was probably the way to go for logging to the database but it seems as
though it only supports mysql and postgres.  I figure I could use the
database output plugin in snort but I know that will cost me performance and
at gigabit i'm not sure how much I can give.  It seems that there is a win32
version of barnyard that supports mssql but I'm really wanting to make my
sensors linux for speed.  Can anyone give me some insight and let me know if
my hardware sounds good for gigabit ids and also if you think I may have an
issue with using the snort db output plugin instead of barnyard due to the
lack of mssql support?  I'm going to be starting the test soon but I'm still
in the information gathering stage right now.  Any help would be
appreciated.  Thanks!!!

Tony Williams


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users