[Snort-users] Looking for recommendations for distributed Snort GiGE Sensors (network architecture described in message)

Landon Stewart lstewart at ...10705...
Thu Dec 11 19:21:02 EST 2003


This was a reply to my original post.

Thank you Val!

At 10:42 PM 12/10/2003, Michael Steele wrote:
>Ok,
>
>Was there a question here or was this just informational?
>
>Kindest regards,
>
>The WINSNORT.com Management Team
>--
>Pick up your FREE Windows or UNIX Snort installation guides
>mailto:support at ...9077...
>Website: http://www.winsnort.com
>Snort: Open Source Network IDS - http://www.snort.org
>
>
> > -----Original Message-----
> > From: snort-users-admin at lists.sourceforge.net [mailto:snort-users-
> > admin at lists.sourceforge.net] On Behalf Of Val P
> > Sent: Wednesday, December 10, 2003 10:32 PM
> > To: snort-users at lists.sourceforge.net
> > Cc: tim at ...10610...
> > Subject: RE: [Snort-users] Looking for recommendations for distributed
> > Snort GiGE Sensors (network architecture described in message)
> >
> >
> > We are monitoring a gigabit line using a Proliant DL-380G2 server (1.4 GHz
> > processor and E1000 SX-fiber NICs (forget which model, but Intel branded))
> >
> > Have not seen any dropped packets even during peak times (which admitedly,
> > do not max out our gigabit line, they may spike to 30%-40% on rare
> > occasions, but is usually around 10%). The server has 1GB of ram, and is
> > logging to a SQL Server 2000. Running on FreeBSD 4.8. The average load
> > (not
> > during peak times) is about 0.75 - 1.25. Single processor configuration.
> >
> >
> > We have trimmed out some of the rules. For example, since the network we
> > are
> > protecting is a Windows network, we have removed anything that may not
> > apply
> > to windows... We don't monitor for porn, etc. we are more interested in
> > virus outbreaks. Also not particularly interested in portscans, so we have
> > removed that detection as well.
> >
> >
> >
> >
> > -------------------------------------------------------
> > This SF.net email is sponsored by: IBM Linux Tutorials.
> > Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
> > Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
> > Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=ick
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=ort-users
>
>
>
>
>-------------------------------------------------------
>This SF.net email is sponsored by: IBM Linux Tutorials.
>Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
>Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
>Click now! http://ads.osdn.com/?ad_id78&alloc_id371&opÌk
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list





More information about the Snort-users mailing list