[Snort-users] system setup for SNORT: looking for recommendation

twig les twigles at ...131...
Fri May 28 13:47:03 EDT 2004

How much disk space should I set aside for SNORT to
> record data 
> about network activity? And under what filesystem? 
> --

Most answers to the "how big a system do I need" questions are
"it depends".  However I will say that you will likely end up
using a database to log alerts rather than the text files,
therefore it would behoove you to make sure /var is very big
(setup the rest of the partitions and then use the rest for
/var) and make sure upon installing/setting up the database that
it logs to /var/whatever.  Then you'll be covered with a db,
text files, syslog, etc. without too much hassle.

With a few exceptions, secrecy is deeply incompatible with
democracy and with science.
     --Carl Sagan  

Do you Yahoo!?
Friends.  Fun.  Try the all-new Yahoo! Messenger.

More information about the Snort-users mailing list