[Snort-users] Looking for recommendations for distributed Snort GiGE Sensors (network architecture described in message)
michaels at ...9077...
Wed Dec 10 22:43:03 EST 2003
Was there a question here or was this just informational?
The WINSNORT.com Management Team
Pick up your FREE Windows or UNIX Snort installation guides
mailto:support at ...9077...
Snort: Open Source Network IDS - http://www.snort.org
> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Val P
> Sent: Wednesday, December 10, 2003 10:32 PM
> To: snort-users at lists.sourceforge.net
> Cc: tim at ...10610...
> Subject: RE: [Snort-users] Looking for recommendations for distributed
> Snort GiGE Sensors (network architecture described in message)
> We are monitoring a gigabit line using a Proliant DL-380G2 server (1.4 GHz
> processor and E1000 SX-fiber NICs (forget which model, but Intel branded))
> Have not seen any dropped packets even during peak times (which admitedly,
> do not max out our gigabit line, they may spike to 30%-40% on rare
> occasions, but is usually around 10%). The server has 1GB of ram, and is
> logging to a SQL Server 2000. Running on FreeBSD 4.8. The average load
> during peak times) is about 0.75 - 1.25. Single processor configuration.
> We have trimmed out some of the rules. For example, since the network we
> protecting is a Windows network, we have removed anything that may not
> to windows... We don't monitor for porn, etc. we are more interested in
> virus outbreaks. Also not particularly interested in portscans, so we have
> removed that detection as well.
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
> Free Linux Tutorials. Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users