[Snort-users] Sizing a system for gigabit backbone

Archive User archive at ...736...
Tue Oct 31 03:35:56 EST 2000


I am trying to come up with some hardware recommendations
for a new snort IDS system I want to put on my lan. Unfortunaly
we are on a totally switched 100mbit network. I can setup a
mirror port on one of my switches so I can link up with a 
giganit nic and sniff the entire lan, but I am totally lost 
when it comes to sizing a snort system for this level of traffic. 
I am thinking of going with freebsd or linux since I know I am going
to need multiple procs. Would 2 x 1 ghz processors with a gig of ram work?
Is anyone running a snort ids at these traffic levels?  Any suggestions?

Thanks.. Mike

More information about the Snort-users mailing list