[Snort-users] hardware requirements

Schmehl, Paul L pauls at ...6838...
Thu Jun 26 10:14:05 EDT 2003

We're running snort on a desktop machine with a P IV 1GB processor with
1GB of ram, one 40GB IDE hard drive and a 10/100 nic on the edge of a
network (passive mode) with 15,000 users and 2 DS3s, and it drops less
than 1% of the packets - FreeBSD 4.7 RELEASE, snort 2.00, mysql 3.23.55
and ACID 0.9.23.

We average about 45,000 alerts a day.  The system is about 60% idle and
memory use is about 60% of the installed memory.  There are no "excess"
processes (like X Windows) running.

Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

-----Original Message-----
From: Brei, Matt [mailto:mbrei at ...8727...] 
Sent: Thursday, June 26, 2003 9:56 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] hardware requirements


I would like to get an idea on what type of hardware you are all running
snort on and what size network it services.  I plan on using
snort/MySQL/acid to monitor internet usage and log policy violations on a
network with about 100 users.  I have the same basic set up at home with
snort running on a 450 K6-2 logging to MySQL/acid on a 1100 Athlon both
using PC133 and standard IDE drives (ATA100 and UDMA66).  With this many
users and having all of the components (snort/MySQL/acid) all on 1
machine, would it be a good idea to go with SCSI, DDR and 10/100/1000?
This setup also needs to be scalable up to about 250 users.  
