[Snort-users] What does lightweight mean?

Anderson, Bill wander01 at ...2144...
Wed May 30 10:19:35 EDT 2001


I have been considering Snort as an IDS for our organization, but several
people have tried to steer me away because Snort is described as
'lightweight.' What does the term lightweight mean or imply? Does it mean it
can only handle light network traffic streams, or does it mean it is light
in terms of needed resources? Or is it something else entirely? Any thoughts
are welcome.

Also, I am currently running Snort in the tcpdump file read mode, reading
the files that our Shadow IDS created. Shadow only records the first 68
bytes of each packet in the tcpdump log file. Is this enough packet data for
the Snort rules? Or will Snort work better with more or the entire packet?
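
To see how much of each packet a capture file with a 68-byte snapshot length retains, this added example (not part of the original post) parses a classic pcap file and reports captured versus original length and TCP payload bytes per packet. The sample frames, addresses, ports and function names are constructed for illustration.

```python
import struct

def build_frame(payload):
    """Constructed Ethernet/IPv4/TCP frame (no options) carrying `payload`."""
    eth = bytes(12) + struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 1, 0, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 1, 0x5018, 8192, 0, 0)
    return eth + ip + tcp + payload

def build_pcap(frames, snaplen):
    """Constructed little-endian pcap file that keeps `snaplen` bytes per packet."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, min(len(f), snaplen), len(f)) + f[:snaplen]
    return out

def payload_coverage(pcap):
    """Per packet: (captured_len, original_len, tcp_payload_captured, tcp_payload_sent)."""
    magic = struct.unpack("<I", pcap[:4])[0]
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)  # file byte order
    if end is None:
        raise ValueError("not a classic pcap file")
    rows, pos = [], 24  # records start after the 24-byte global header
    while pos + 16 <= len(pcap):
        _, _, caplen, origlen = struct.unpack(end + "IIII", pcap[pos:pos + 16])
        data = pcap[pos + 16:pos + 16 + caplen]
        pos += 16 + caplen
        seen = sent = None  # stays None when headers are not IPv4/TCP or are cut off
        if len(data) >= 34 and data[12:14] == b"\x08\x00" and data[23] == 6:
            ihl = (data[14] & 0x0F) * 4                    # IP header length
            total = struct.unpack("!H", data[16:18])[0]    # IP total length
            if len(data) > 14 + ihl + 12:
                doff = (data[14 + ihl + 12] >> 4) * 4      # TCP header length
                sent = total - ihl - doff
                seen = max(0, min(sent, len(data) - 14 - ihl - doff))
        rows.append((caplen, origlen, seen, sent))
    return rows

# Constructed sample: a bare ACK and a 28-byte HTTP request, captured at snaplen 68.
SAMPLE = build_pcap([build_frame(b""),
                     build_frame(b"GET /index.html HTTP/1.0\r\n\r\n")], 68)

if __name__ == "__main__":
    for row in payload_coverage(SAMPLE):
        print("captured=%d original=%d payload_seen=%s payload_sent=%s" % row)
```

With a 14-byte Ethernet header and option-free 20-byte IP and TCP headers, a 68-byte snapshot leaves 14 bytes of TCP payload per packet.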



