[Snort-users] Threaded Snort

Gregor Binder gbinder at ...462...
Tue Mar 20 12:05:10 EST 2001


Erik Engberg on Tue, Mar 20, 2001 at 05:36:21PM +0100:

Erik,

> Doesn´t sound to flexible but nevertheless alright ;). If I want an open
> source solution to play with, are there any available?

If Solaris 8 counts as an open source solution .. go download :) I don't
have that much SMP clue on Linux/BSD, so I can't tell ... AFAIK, you
can't get much more flexibility unless you go for a box that can be
partitioned (and don't forget to tell me where I can apply for a job if
your manager approves it as an IDS ;))

> I agree with you there... What would be kind of practical is a pretty good
> single or dual processor box with a quad card that could monitor up to four
> low traffic nets... SnortNet in a box ;)

Depends. I like to keep sensors seperate from analysis boxes, so I'd go
for a distributed setup if you can.

Greetings,

-- 
Gregor Binder       <gregor.binder at ...462...>      http://sysfive.com/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55




More information about the Snort-users mailing list