[Snort-users] Snort on a 486 ?
saad at ...4401...
Wed Jan 15 10:37:05 EST 2003
On Wed, Jan 15, 2003 at 09:44:07AM -0500, Bennett Todd wrote:
> 2003-01-15T02:51:45 Hilton De Meillon:
> > will snort be able to run on a 486?
> I'd expect so.
> > Will it be fast enough to monitor a 128k line?
> Mostly, probably. I'd expect two possible issues.
> First, there's memory footprint. With 1.9.0 and little tuning in the
> sigs, I routinely see >>16MB VM and a working set over 5MB; with
> lots of traffic and spp_portscan2 enabled, it's not uncommon to see
> that memory footprint climb over 64MB.
> Olde 486-vintage machines are often found with 4-8MB of RAM. That's
> liable to make you unhappy. A thrashing snort probably won't work at
> If you can get the 486 box up to 16MB of RAM, and if you disable
> portscan2 and conversation, and you don't run much else that eats
> RAM on this box, that should address that issue.
just fyi, the last time I tried to load an openbsd on a 486 box (was
then a 2.9), I had a hell of a time getting to install with 16MB
(MAKEDEV all was the culprit) and even afterwards, it was *hum* rather
slooooow (custom kernel, every bit of unneeded stuff left out).
maybe it is possible to install an old distro of a linux/*bsd distro
that will be happy with 16MB of RAM.
> It can be done, with care, but is it worth it? You ought to be able
> to get something substantially newer for $50 off eBay, I'd expect.
agreed. get newer hardware. it won't cost you much and it will save you
but what you are attempting to do sound like a good "snort benchmarking
and tuning" project.
Saad Kadhi -- [saad at ...4401...] [saad.kadhi at ...7831...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
More information about the Snort-users