[Snort-users] hardware requirements for snort sensors

scott_sakai at ...9725... scott_sakai at ...9725...
Thu Jul 24 15:42:18 EDT 2003

Hi, I've been charged with setting up an IDS environment and was wondering what
recommendations people have for the "ideal" setup.  Sensors reporting back to a
single host or autonomous sensors that detect and collect data on their own?
What level of hardware for each part do you all think is needed to monitor a
100 Mbit LAN?  Do I need much processing power?  Memory, 512MB enough, or is a
gig needed?  What about hard drive, IDE or SCSI?  Does each sensor being
autonomous make more sense, instead of having to worry about the "back-end" link
to the server?

I'm looking at deploying on maybe three or four segments via port mirroring on
10/100 Ethernet switches.

Any advice would be appreciated,


