[Snort-users] High-Performance Installation Reccomendations for Snort?
rhill at ...2446...
Thu Mar 28 10:27:06 EST 2002
After spending quite some time with an extremely stable RH 7.2, snort,
mysql, apache and demarc combination with two sensors, I've decided that I'd
like to expand my sensor network to between 4 and 6 sensors (migrating to a
new machine) running on a low to moderately busy 10/100 switched network.
Because of this, I fear that Linux may not be able to keep up with the
overhead and stay running smoothly, so I'm soliciting opinions from the list
(in public or private) on your reccomendations for an optimum server
Planned Hardware Specs
384 MB RAM
40 GB ATA 100 IDE
1 Intel NIC (on-board)
2 Quad Ethernet Port PCI Cards
Planned Software Specs
Custom compiled kernel with ip-chains support for the management NIC.
Since I've performed exactly 3 FreeBSD installs ever (all in lab
environments), any and all tips and reccomendations for configuration of the
OS, Snort or the DB backend would be greatly appreciated.
Ryan Hill, MCSE
Manager, Technical Support (aka IT Ninja)
Corporate Information Systems
TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001
More information about the Snort-users