[Snort-users] Snort as a host-based IDS

Chris Kirby ckirby at ...3736...
Tue Oct 9 14:20:10 EDT 2001

Fair enough! :)

I don't really have a dedicated machine available (yet, grin). But I do have
a freebsd box that is a Pentium3-750 with 128mb of ram, but it is currently
our bigrother/mrtg/syslog server. Average load times are around 0.11. 

If our bandwidth is low (under 1mb/s), how much load will Snort add to this,
especially if I want to monitor the external and DMZ segment? Are there any
problems that you can think of in Snort co-existing with BigBrother? I could
not entirely lock down the server because I need to get some ports open for
the BigBrother daemon so I'm not sure if this will be a problem or not.

I would eventually move Snort to its own server but I don't think we'll have
any money for that for some time because all of the servers are co-located
and they take up costly rackspace :)

Thanks in advance!


-----Original Message-----
From: Fyodor [mailto:fygrave at ...121...]
Sent: Tuesday, October 09, 2001 4:31 PM
To: Chris Kirby
Subject: Re: [Snort-users] Snort as a host-based IDS

nope, snort is nids :)

More information about the Snort-users mailing list