[Snort-users] Question about hardware and software requirement for Snort 2.0.5

Ganbold ganbold at ...4518...
Wed Dec 3 17:14:02 EST 2003


Hi,

I'm pretty new to IDS and I have some questions regarding hardware and 
software requirements for Snort 2.0.5.
I'm running Snort as an IDS for checking external traffic and internal 
traffic for an ISP,
and use the binary log option and also log to mysql and syslog. I'm on Fast 
Ethernet.

I have a single PIII 1GHz with 256RAM and 30GB SCSI hard disk with 100MB 
Intel NIC.
I'm using FreeBSD 5.2beta for OS. Snort is installed from the ports collection.

I connected this machine to a VLAN (8 computers) and tried to run snort on 
an aggregated/mirrored port.
I also used ACID for real time monitoring with MySQL 4.1 (it is 
multithreaded and compiled using linuxthreads).

But mysql is constantly using a lot of processor time and power, and
when you use the top -q -I command, it shows the mysql process constantly grows and
processor load is becoming more and more. And after a while the ACID interface 
doesn't respond. I can't even connect
to the machine using ssh. Even when I run snort without logging to mysql it 
has the same problem. Processor usage grows.

The reason I use syslog is that I use logcheck to send me email alerts every 15 
minutes.

My questions are:
1. How much memory and hard disk space do I need to monitor 4 vlans with 8 
computers each?
At least how much memory and hard disk space do I need for one vlan with 8 
computers?
2. How much processor speed do I need for the above mentioned 4 vlans? Or at 
least for one vlan?
3. What OS do you recommend?
3. If I want to use ACID what RDBMS should I use? I need some interface to 
see IDS alerts in real time.
Or is there any other way to view alerts in real time?
4. Can somebody point me to or share real life examples and 
configurations of snort for an ISP? Something like an ISP with
5000 users where the ISP has a 10MB satellite connection.
5. I thought snort is best for IDS. But is there any good alternative IDS 
which uses less CPU, memory?
6. Are there any other recommendations for running IDS for an ISP?
7. Do I need an IDS load balancer? If I need one, how many IDS sensors do I need?

I'm asking a lot of questions at one time, but I really need to install and 
use IDS sensors and
I hope somebody on this list can point me in the right direction.

thanks in advance,

Ganbold Ts.
Mongolia




