sizing a snort ids system?

Wed Aug 2 03:38:50 EDT 2000

> I am trying to get my boss to let me install snort in our environment to 
> improve security around here a bit. I am wondering how big of a 
> system I should ask for and what type. 
> I could probably con him into running it on linux, openbsd, or Solaris.
> Linux and OpenBSD being x86 systems and Solaris being a sparc. 
> What in your humble opinion is the best operating system to run snort 
> under (for the best performance). I know OpenBSD rules security wise
> but, I am more concerned about keeping up with 45 mbits of traffic that
> comes down our t3. If you suggest linux or openbsd.. what size x86 
> system should I get? If you suggest Solaris then what size sparc in your 
> opinion would do the job?

A Sun Ultra 30 should be capable of doing that. 45 Mbit/s will eat up ~50% CPU
I think. Snort does not need very much memory, so the ususal 128 MB should be

Same with a 500-800 MHz x86, but I don't have experiences with that. From what
was said on the list, the most important thing is to use high quality network

