[Snort-users] Looking for recommendations for distributed Snort GiGE Sensors (network architecture described in message)

Michael Steele michaels at ...9077...
Wed Dec 10 22:43:03 EST 2003


Ok,

Was there a question here or was this just informational?

Kindest regards, 

The WINSNORT.com Management Team
-- 
Pick up your FREE Windows or UNIX Snort installation guides       
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org


> -----Original Message-----
> From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> admin at lists.sourceforge.net] On Behalf Of Val P
> Sent: Wednesday, December 10, 2003 10:32 PM
> To: snort-users at lists.sourceforge.net
> Cc: tim at ...10610...
> Subject: RE: [Snort-users] Looking for recommendations for distributed
> Snort GiGE Sensors (network architecture described in message)
> 
> 
> We are monitoring a gigabit line using a Proliant DL-380G2 server (1.4 GHz
> processor and E1000 SX-fiber NICs (forget which model, but Intel branded))
> 
> Have not seen any dropped packets even during peak times (which admitedly,
> do not max out our gigabit line, they may spike to 30%-40% on rare
> occasions, but is usually around 10%). The server has 1GB of ram, and is
> logging to a SQL Server 2000. Running on FreeBSD 4.8. The average load
> (not
> during peak times) is about 0.75 - 1.25. Single processor configuration.
> 
> 
> We have trimmed out some of the rules. For example, since the network we
> are
> protecting is a Windows network, we have removed anything that may not
> apply
> to windows... We don't monitor for porn, etc. we are more interested in
> virus outbreaks. Also not particularly interested in portscans, so we have
> removed that detection as well.
> 
> 
> 
> 
> -------------------------------------------------------
> This SF.net email is sponsored by: IBM Linux Tutorials.
> Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=ort-users






More information about the Snort-users mailing list