[Snort-users] system setup for SNORT: looking for recommendation

Jeff Schmidt (CACL Tech Asst) schmidje at ...11869...
Fri May 28 13:37:07 EDT 2004

   I'm setting up a pc with OpenBSD for the purpose of using it as an 
NIDS system with SNORT. I've been reading a lot of documentation, but 
here are a few questions that I have not come across answers to:

Realistic system requirements: We are trying to do ID on a network with 
about 2 dozen computers, so it's not a huge network. However, being at a 
public library, each of the individual computers does get quite a bit of 
traffic. How much disk space should I set aside for SNORT to record data 
about network activity? And under what filesystem? It appears that SNORT 
basically saves it's logs and data in /var/log/snort, so I'm guessing I 
want to partition my hard drive so that /var has most of the available 
space? The server currently has 128MB ram - is this sufficient? It has a 
PII-400Mhz processor - is that fast enough to do the real-time analysis 
of network traffic that is necessary?

Well, I guess that's all for now. I'm sure I'll be coming up with more 
questions as time goes on.

Jeff Schmidt
Technology Assistant
Council of Ashtabula County Libraries

Views expressed are my own and are not my employer's.

More information about the Snort-users mailing list