[Snort-users] Notes regarding success with snort 2.0 on low end hardware

Matt Kettler mkettler at ...4108...
Mon Jun 9 17:48:12 EDT 2003


I just got done upgrading my snort box to merely "low end" instead of 
"really low end" hardware. However, I thought some of you might find it 
interesting that I was successfully running snort 2.0 on an old box with 
relatively low packet loss (just under 0.1%) sniffing a modestly loaded 
2mbit symmetric connection.

I had set up snort by disabling conversation and portscan2, used the lowmem 
config option and the -k none command line parameter and tuned the ruleset 
slightly. The process consumed a relatively meager 13mb of ram.

I had been running this snort setup on a Pentium-133 console-only OpenBSD 
box, with 64mb of ram, and a realtek chipset NIC.

So despite having an inefficient NIC, low end cpu and low ram, snort ran 
reasonably well, although it was missing a few packets here and there. Not 
too shabby for such a low-end system. Kudos to Marty, Chris and the others 
for making snort 2.0 still usable on the low-end setups.

Now I've got it running on a 400mhz PII w/128mb and a better NIC, which is 
still low end, but it's not nearly as laughable.





More information about the Snort-users mailing list