Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort Hardware Selection and Fiber/Copper Taps

From: "Mark W. Jeanmougin" <mark.jeanmougin () cchmc org>
Date: Mon, 02 Nov 2009 10:27:38 -0500
Seriously: I have to second the recommendation to buy the Sourcefire 
sensors.  I've got a half dozen or so and they work fairly well.  Their 
support is great.

The 9900 has great throughput, low enough latency and can handle 10 Gbit 
with no problems.

What are you looking to monitor?

MJ


On 10/30/2009 11:19 PM, Rob Dixon wrote:

What do you */need?/* Do you have requirements or just the biggest
baddest snort censor money can buy? hehe.

On Thu, Oct 29, 2009 at 3:46 PM, Chan, Wilson <wchan () honolulu gov
<mailto:wchan () honolulu gov>> wrote:

    Im looking at spec’ing out some new servers for my Linux (CentOS)
    Snort boxes. If funding was not a issue what would you buy?

    Q: Snort is not multi-threaded so does it make sense to buy a rack
    mount server with multiple cpus?

    Q: How much ram should be allocated per server for 32bit snort on
    linux? If I go over 4Gb I would have to use a PAE kernel. How much
    ram can Snort use?

    Q: Ntap fiber to copper aggregators for gigabit links or Ntap fiber
    to copper traditional taps (Outputs Tx and Rx per copper port)?

    Q: If I decide to use the traditional taps do you run two processes
    of snort for each TX and RX or do you bridge the two interfaces and
    run just one snort process? What is best to do in this scenario? Thanks!

    *Wilson*



------------------------------------------------------------------------------
Come build with us! The BlackBerry(R) Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay 
ahead of the curve. Join us from November 9 - 12, 2009. Register now!
http://p.sf.net/sfu/devconference
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: