[Snort-users] Snort Performance Issues
erek at ...577...
Thu Jan 31 23:21:03 EST 2002
On Fri, 1 Feb 2002, Abe L. Getchell wrote:
> Good evening!
*sigh* All these damned Yankee's thinking it's evening, when it's "night".
> Snort runs the best on Linux, Red Hat Linux 7.2 specifically. Everyone
> here will agree with this, especially Erek Adams. ;-) No, I'm kidding!
> I'm kidding!
*cough*cough*cough* Do I read my name being taken in vain? Jeesh, those
Kentucky folks win one basketball game and they think they are special.
*ducks and runs*
> We've discussed this _many_ times on the list, and the best thing to do is
> probably search through the Snort-Users list archives located at:
Yeppers, Abe continues to try to beat me into the Linux submission mold, and I
just won't let him! :) Seriously... To sum up a _LONG_ thread, run what you
know. If that's NetBSD on a ColecoVision, then fine! Just as long as you
know the OS and underlying hardware, you should be golden!
> Also, for general IDS performance information, a good place to check is
> the SecurityFocus Focus-IDS list archives at:
Very good resource! Bookmark it! I'd suggest having a read on the following:
And the full version at:
Those are two pointer to an email that Marty sent out, which IMHO really
explains WTF you need for a serious 'snort box'. I would suggest reading
one/both of thsoe and then following those suggestions.
I'll say this: It doesn't hurt to take the authors advice on a 'how-to'
Hope that helps!
More information about the Snort-users