[Snort-users] Snort on a 486 ?
JHicks at ...5857...
Wed Jan 15 11:17:05 EST 2003
The following run extremely well on 486 systems, and incorporate snort:
1) Smoothwall (www.smoothwall.org)
2) ShadowSlack (www.whitehats.ca)
From: Saad Kadhi [mailto:saad at ...4401...]
Sent: Wednesday, January 15, 2003 1:37 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort on a 486 ?
On Wed, Jan 15, 2003 at 09:44:07AM -0500, Bennett Todd wrote:
> 2003-01-15T02:51:45 Hilton De Meillon:
> > will snort be able to run on a 486?
> I'd expect so.
> > Will it be fast enough to monitor a 128k line?
> Mostly, probably. I'd expect two possible issues.
> First, there's memory footprint. With 1.9.0 and little tuning in the
> sigs, I routinely see >>16MB VM and a working set over 5MB; with
> lots of traffic and spp_portscan2 enabled, it's not uncommon to see
> that memory footprint climb over 64MB.
> Olde 486-vintage machines are often found with 4-8MB of RAM. That's
> liable to make you unhappy. A thrashing snort probably won't work at
> If you can get the 486 box up to 16MB of RAM, and if you disable
> portscan2 and conversation, and you don't run much else that eats
> RAM on this box, that should address that issue.
just fyi, the last time I tried to load an openbsd on a 486 box (was
then a 2.9), I had a hell of a time getting to install with 16MB
(MAKEDEV all was the culprit) and even afterwards, it was *hum* rather
slooooow (custom kernel, every bit of unneeded stuff left out).
maybe it is possible to install an old distro of a linux/*bsd distro
that will be happy with 16MB of RAM.
> It can be done, with care, but is it worth it? You ought to be able
> to get something substantially newer for $50 off eBay, I'd expect.
agreed. get newer hardware. it won't cost you much and it will save you
but what you are attempting to do sound like a good "snort benchmarking
and tuning" project.
Saad Kadhi -- [saad at ...4401...] [saad.kadhi at ...7831...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63 65EB 34F1 DBBF 3559 2A6D]
This SF.NET email is sponsored by: A Thawte Code Signing Certificate
is essential in establishing user confidence by providing assurance of
authenticity and code integrity. Download our Free Code Signing guide:
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users