[Snort-users] Notes regarding success with snort 2.0 on low end hardware
mkettler at ...4108...
Mon Jun 9 17:48:12 EDT 2003
I just got done upgrading my snort box to merely "low end" instead of
"really low end" hardware. However, I thought some of you might find it
interesting that I was successfully running snort 2.0 on an old box with
relatively low packet loss (just under 0.1%) sniffing a modestly loaded
2mbit symmetric connection.
I had set up snort by disabling conversation and portscan2, used the lowmem
config option and the -k none command line parameter and tuned the ruleset
slightly. The process consumed a relatively meager 13mb of ram.
I had been running this snort setup on a Pentium-133 console-only OpenBSD
box, with 64mb of ram, and a realtek chipset NIC.
So despite having an inefficient NIC, low end cpu and low ram, snort ran
reasonably well, although it was missing a few packets here and there. Not
too shabby for such a low-end system. Kudos to Marty, Chris and the others
for making snort 2.0 still usable on the low-end setups.
Now I've got it running on a 400mhz PII w/128mb and a better NIC, which is
still low end, but it's not nearly as laughable.
More information about the Snort-users