[Snort-users] FreeBSD or NetBSD for a sensor
mkettler at ...4108...
Thu Jul 25 11:35:03 EDT 2002
The speed of the TCP/IP stack won't matter for snort, since snort is a
pcap-level system. It will matter if you do remote logging via TCP/IP (i.e.,
via SQL or redirected syslog), but for a simple local-logging snort box, it
won't make a bit of difference.

From the viewpoint of snort itself, all three of these OSes should be
pretty close to the same for speed of picking up packets off the wire. It
might be interesting to test, but my bet would be that the overall
performance differences between these three would be minor and mostly the
result of slightly different disk I/O handling.

Personally I run snort on OpenBSD, since a high degree of intrusion
resistance is a necessity for the snort setup I'm running. For an "inside
the firewall" snort box this is a lot less of an issue.

At 10:38 AM 7/25/2002 -0700, spyguy wrote:
>No OS wars please. Just real advice and logic.
>Which OS would be ideal? I can use either. I am comfortable with either.
>Didn't someone make a claim that FreeBSD has a faster stack?
>I am aware that OpenBSD is secure and every line of code reviewed...