[Snort-users] Question about hardware and software requirement for Snort 2.0.5
ganbold at ...4518...
Wed Dec 3 17:14:02 EST 2003
I'm pretty new to IDS and I have some questions regarding hardware and
software requirement for Snort 2.0.5.
I'm running Snort as a IDS for checking external traffic and internal
trafic for ISP,
and uses binary log option and also log to mysql and syslog. I'm on Fast
I have single PIII 1GHz with 256RAM and 30GB SCSI hard disk with 100MB
I 'm using FreeBSD 5.2beta for OS. SNort is installed from ports collection.
I connected this machine to Vlan(8 computers) and tried to run snort on
I also used ACID for real time monitoring with MySQL 4.1( it is
multithreaded and compiled using linuxthreads)
But mysql is constantly using a lot of processor time and power and
when you use top -q -I command, it shows mysql process constantly grows and
processor load is becoming more and more. And after a while ACID interface
don't respond. Even I can't connect
to the machine using ssh. Even when I run snort without logging to mysql it
has same problem. Processor usage grows.
The reason I use syslog is I use logcheck to send me email alerts every 15
My questions are:
1. How much memory and hard disk space do I need to monitor 4 vlan with 8
At least how much memory and hard disk space do I need for one vlan with 8
2. How much processor speed do I need for above mentioned 4 vlans? Or at
least for one vlan?
3. What OS do you recommend?
3. If I want to use ACID what RDBMS should I use? I need some interface to
see IDS alerts in real time.
Or is there any other way to view alerts in real time?
4. Can somebody point me to or share a real life examples and
configurations of snort for ISP? Something like ISP with
5000 users and ISP has 10MB satellite connection.
5. I thought snort is best for IDS. But is there any good alternative IDS
which uses less CPU, memory?
6. Is there any other recommendations running IDS for ISP?
7. Do I need IDS load balancer? If I need how many IDS sensors do I need?
I'm asking a lot of questions in one time, but I really need to install and
use IDS sensors and
I hope somebody in this list point me to the right direction.
thanks in advance,
More information about the Snort-users