Snort mailing list archives
Re: Gigabit IDS
From: Erek Adams <erek () snort org>
Date: Tue, 6 Jan 2004 09:30:00 -0500 (EST)
On Mon, 5 Jan 2004 Tony.Williams () ci austin tx us wrote:
I recently picked up a Dell Poweredge 1750 at work for a pilot test using snort as our enterprise IDS. The specs on the box are Dual Xeon 3.06Ghz Procs, 2gig mem, 15k rpm scsi drives in a raid 5 configuration and dual intel fiber gig nics. I've been doing some studying and I want to leverage our current microsoft sql database backend for logging. I saw that barnyard was probably the way to go for logging to the database but it seems as though it only supports mysql and postgres. I figure I could use the database output plugin in snort but I know that will cost me performance and at gigabit i'm not sure how much I can give. It seems that there is a win32 version of barnyard that supports mssql but I'm really wanting to make my sensors linux for speed. Can anyone give me some insight and let me know if my hardware sounds good for gigabit ids and also if you think I may have an issue with using the snort db output plugin instead of barnyard due to the lack of mssql support? I'm going to be starting the test soon but I'm still in the information gathering stage right now. Any help would be appreciated. Thanks!!!
Two things: * How much traffic do you expect to handle? With the hardware that you have you can handle a fair amount, but just don't expect it to handle an OC-48. * Change the disks to a RAID 1+0. 1+0 will give you about a 4.5-5.0 x gain in write performance while still maintaining redundancy. Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Gigabit IDS Tony . Williams (Jan 05)
- Re: Gigabit IDS Erek Adams (Jan 06)
- Re: Gigabit IDS twig les (Jan 06)
- Re: Gigabit IDS Erek Adams (Jan 06)