[Snort-users] drive config for sensor?

Erek Adams erek at ...577...
Tue Oct 8 22:31:02 EDT 2002

On Tue, 8 Oct 2002, /dev/null wrote:

> I'm setting up a dedicated snort sensor that will feed data using mysql
> into the console running on another box.
> My incomming connection is 256K.
> I have two HD in this sensor, a 1Gig and a 256Meg.  Any recommendations
> on the sizes to use for the partitions and what to mount them as?

Ummmm....  Ok, you've got a lot of issues here.  Box, Disk, output plugins,
disk speed, etc...  It's more than I care to elaborate on.  :)

To be honest:  Setup the sensor first.  Make it work.  THEN and _only_ then
should you start trying to "speed it up".

I could rattle off all sorts of things to make life 'quicker', but 'quicker'
!== 'better'.  Use what you have and what you know....  After that, then you
might want to consider changing Snort.


Erek Adams

