[Snort-users] High-Performance Installation Reccomendations for Snort?

Ryan Hill rhill at ...2446...
Thu Mar 28 10:27:06 EST 2002


After spending quite some time with an extremely stable RH 7.2, snort,
mysql, apache and demarc combination with two sensors, I've decided that I'd
like to expand my sensor network to between 4 and 6 sensors (migrating to a
new machine) running on a low to moderately busy 10/100 switched network.  

Because of this, I fear that Linux may not be able to keep up with the
overhead and stay running smoothly, so I'm soliciting opinions from the list
(in public or private) on your reccomendations for an optimum server

Planned Hardware Specs
PIII 933
384 MB RAM
40 GB ATA 100 IDE
1 Intel NIC (on-board)
2 Quad Ethernet Port PCI Cards

Planned Software Specs
FreeBSD 4.5
Custom compiled kernel with ip-chains support for the management NIC.

Since I've performed exactly 3 FreeBSD installs ever (all in lab
environments), any and all tips and reccomendations for configuration of the
OS, Snort or the DB backend would be greatly appreciated.


Ryan Hill, MCSE 
Manager, Technical Support (aka IT Ninja)
Corporate Information Systems
TeleCommunication Systems, Inc. (TCS) - http://www.telecomsys.com
v: 206.792.2276 - f: 206.792.2001

More information about the Snort-users mailing list