[Snort-users] Snort on a 486 ?

Hicks, John JHicks at ...5857...
Wed Jan 15 11:17:05 EST 2003

The following run extremely well on 486 systems, and incorporate snort:

1) Smoothwall (www.smoothwall.org)
2) ShadowSlack (www.whitehats.ca)

John Hicks

-----Original Message-----
From: Saad Kadhi [mailto:saad at ...4401...]
Sent: Wednesday, January 15, 2003 1:37 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort on a 486 ?

On Wed, Jan 15, 2003 at 09:44:07AM -0500, Bennett Todd wrote:
> 2003-01-15T02:51:45 Hilton De Meillon:
> > will snort be able to run on a 486?
> I'd expect so.
> > Will it be fast enough to monitor a 128k line?
> Mostly, probably. I'd expect two possible issues.
> First, there's memory footprint. With 1.9.0 and little tuning in the
> sigs, I routinely see >>16MB VM and a working set over 5MB; with
> lots of traffic and spp_portscan2 enabled, it's not uncommon to see
> that memory footprint climb over 64MB.
> Olde 486-vintage machines are often found with 4-8MB of RAM. That's
> liable to make you unhappy. A thrashing snort probably won't work at
> all.
> If you can get the 486 box up to 16MB of RAM, and if you disable
> portscan2 and conversation, and you don't run much else that eats
> RAM on this box, that should address that issue.
just fyi, the last time I tried to load an openbsd on  a  486  box  (was
then a 2.9), I had a hell  of  a  time  getting  to  install  with  16MB
(MAKEDEV all was the culprit) and even afterwards, it was  *hum*  rather
slooooow (custom kernel, every bit of unneeded stuff left out).

maybe it is possible to install an old distro  of  a  linux/*bsd  distro
that will be happy with 16MB of RAM.

> It can be done, with care, but is it worth it? You ought to be able
> to get something substantially newer for $50 off eBay, I'd expect.
agreed. get newer hardware. it won't cost you much and it will save  you
sweat :).

but what you are attempting to do sound like a good "snort  benchmarking
and tuning" project.

Saad Kadhi -- [saad at ...4401...] [saad.kadhi at ...7831...]
[pgp keyid: 35592A6D http://pgp.mit.edu]
[pgp fingerprint: BF7D D73E 1FCF 4B4F AF63  65EB 34F1 DBBF 3559 2A6D]

This SF.NET email is sponsored by: A Thawte Code Signing Certificate 
is essential in establishing user confidence by providing assurance of 
authenticity and code integrity. Download our Free Code Signing guide:
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list