[Snort-users] system setup for SNORT: looking for recommendation

Jeff Schmidt (CACL Tech Asst) schmidje at ...11869...
Fri May 28 13:37:07 EDT 2004


Hello,
   I'm setting up a pc with OpenBSD for the purpose of using it as an 
NIDS system with SNORT. I've been reading a lot of documentation, but 
here are a few questions that I have not come across answers to:

Realistic system requirements: We are trying to do ID on a network with 
about 2 dozen computers, so it's not a huge network. However, being at a 
public library, each of the individual computers does get quite a bit of 
traffic. How much disk space should I set aside for SNORT to record data 
about network activity? And under what filesystem? It appears that SNORT 
basically saves it's logs and data in /var/log/snort, so I'm guessing I 
want to partition my hard drive so that /var has most of the available 
space? The server currently has 128MB ram - is this sufficient? It has a 
PII-400Mhz processor - is that fast enough to do the real-time analysis 
of network traffic that is necessary?

Well, I guess that's all for now. I'm sure I'll be coming up with more 
questions as time goes on.

--
Jeff Schmidt
Technology Assistant
Council of Ashtabula County Libraries

Views expressed are my own and are not my employer's.






More information about the Snort-users mailing list