[Snort-users] Hardware requireds...
frankieh at ...2806...
Tue Oct 2 14:04:01 EDT 2001
using your below mentioned details,,,
what sort of bandwidth would a 1.4gig athlon 512mb and 60gig ATA100 7200rpm
IBM drive 2x10/100 nic's running 2.4.x linux be able to handle with a
fairly normal ruleset??
we have 2 or 3 networks that I'd like to set snort up on,, (or possibly
prelude,, dunno yet, testing will tell.)
and I want to know roughly what sort of machine is suitable for what amount
of traffic its monitoring..
We have a couple of the above listed machines here that are not currently
doing anything else and I was wondering how well they would fair... I
suppose the hard disk and ram would be the letdowns????
anyway, if anyone has that sort of machine running as a snort server, what
sort of connection do you monitor and is your machine handling the load
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Erek Adams
Sent: Wednesday, 3 October 2001 4:36 AM
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Hardware required for monitoring a DS3
On Tue, 2 Oct 2001, SecLists wrote:
> I am wondering if any of you would know what type of Intel machine setup I
> would need to monitor a DS3 at a fairly large sevice provider. The machine
> would be running OpenBSD 2.9. The DS3 is typically at about 60-70% usage
> at peak times... It will also be logging to a remote database.
> Also, any idea how much disk space we should plan for? The ruleset would
> not be too stringent as we have many different types of traffic coming
> over that link...
Gee... A big one? Seriously, have a look st:
The honest answer is there is no 'one size fits all' answer. Best
Good Nic! --Probably one of the most important..
Fast Processor --Probably one of the most important.
Plenty of RAM --Some preprocssors chew up RAM.
Enough Disk --Enough disk to log X amount of time.
Plenty of CPU --More traffic, the bigger the engine needs to be.
Fast HD Cntrl --UWSCSI.
Fast HD's --Solid State drives rock!
Backend Nic --For Admin and logging to remote console.
Now, yes you will spend some cash on this, but do a <cost of 'comapny
secrets'> vs. <box cost> and you'll see real quick that the box is a lot
If you drop that into a box, you're gonna be able to snort a large amount of
packets. Just get 4x the box you think. If it's 400mhz on the table, get a
1.2k cpu. I know it sounds crazy, but it's easier not to rebuild every 2
A Sun Netra X1 would be nice, or even a Netra T1. Intel is not required...
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users