Re: Snort in a cluster

[Rodrigo Ramos <rodrigo.ramos () triforsec com br>]

Hi,

We have installed some snort sensors doing logging on postgresql/mysql
in machines with 4 processors (snort gets one), 1 Gb (RAM), some scsi
disks and Gigabit interfaces to monitor some very big traffic. Before we
get at this configuration we tried some others, but we did not have
success. 
Today we are working on a smaller Linux-kernel keep on going with other
tests.

IMHO, you may start your snort, configure it as best as you can and
monitor it with the top program and with the performance monitor. The
power of you machine will mostly depend on the configuration (rules and
preprocessors) and on traffic.


Best Regards,
Rodrigo Ramos
http://www.triforsec.com.br


On Fri, 2004-07-09 at 08:41, Luis Claudio Rodrigues da Silveira wrote:
> Hi all,
>  
> is it possible to setup a beowulf cluster running many snort sensors
> at once? Is there any advantage in terms of performance on packet
> processing??
>  
> Thanks in advance,
>  
> Luis Claudio R da Silveira



-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users