[Snort-users] FreeBSD or NetBSD for a sensor

Matt Kettler mkettler at ...4108...
Thu Jul 25 11:35:03 EDT 2002


The speed of the TCP/IP stack won't matter for snort, since snort is a pcap 
level system. It will matter if you do remote logging via tcp/ip (ie: via 
sql or redirected syslog), but for a simple local-logging snort box, it 
won't make a bit of difference.

 From the viewpoint of snort itself all three of these OS's should be 
pretty close to the same for speed of picking up packets off the wire. It 
might be interesting to test, but my bets would be the overall performance 
differences between these three would be minor and mostly the result of 
slightly different disk IO handling.

Personally I run snort on OpenBSD, since a high degree of intrusion 
resistance is a necessity for the snort setup I'm running. For an "inside 
the firewall" snort box this is a lot less of an issue.

At 10:38 AM 7/25/2002 -0700, spyguy wrote:
>No OS wars please. Just real advice and logic.
>Which OS would be ideal? I can use either. I am comfortable with either.
>
>Didn't some make a claim that FreeBSD has faster stack?
>I am aware that OpenBSD is secure and every line of code reviewed...
>
>
>-spyguy





More information about the Snort-users mailing list