[Snort-users] RE: Notes regarding success with snort 2.0 on low end hardware

Petriz, Pablo ppetriz at ...3815...
Tue Jun 17 07:45:06 EDT 2003


Hello Matt

I am a "low end hardware" user too, and i want to know if you can extend 
your case a little bit and explain us (the non so technical users of snort)
which are the pros, cons and howtos of the things you've set up to do it.

"I had set up snort by disabling conversation and portscan2, used the lowmem

config option and the -k none command line parameter and tuned the ruleset 
slightly. The process consumed a relatively meager 13mb of ram."

Thank you very much


PABLO


> Date: Mon, 09 Jun 2003 20:45:25 -0400
> To: snort-users at lists.sourceforge.net
> From: Matt Kettler <mkettler at ...4108...>
> Subject: [Snort-users] Notes regarding success with snort 2.0 on low end
hardware
> 
> I just got done upgrading my snort box to merely "low end" instead of 
> "really low end" hardware. However, I thought some of you might find it 
> interesting that I was successfully running snort 2.0 on an old box with 
> relatively low packet loss (just under 0.1%) sniffing a modestly loaded 
> 2mbit symmetric connection.
> 
> I had set up snort by disabling conversation and portscan2, used the
lowmem 
> config option and the -k none command line parameter and tuned the ruleset

> slightly. The process consumed a relatively meager 13mb of ram.
> 
> I had been running this snort setup on a Pentium-133 console-only OpenBSD 
> box, with 64mb of ram, and a realtek chipset NIC.
> 
> So despite having an inefficient NIC, low end cpu and low ram, snort ran 
> reasonably well, although it was missing a few packets here and there. Not

> too shabby for such a low-end system. Kudos to Marty, Chris and the others

> for making snort 2.0 still usable on the low-end setups.
> 
> Now I've got it running on a 400mhz PII w/128mb and a better NIC, which is

> still low end, but it's not nearly as laughable.






More information about the Snort-users mailing list