[Snort-users] Deployment Sizes? was: anyone trying kickfire to improve SQL performance?

Jason Haar Jason.Haar at ...294...
Fri May 2 22:00:55 EDT 2008

Stewart L wrote:
> Define a large installation?
> That's something I've been wondering... We've set up a big central 
> snort box on a 16 core machine with 16GB of RAM and 1.2TB of disk.
> We're currently running 6 instances of snort on this hardware and plan 
> on having 12-16 instances when our rollout is complete.   We'll likely 
> also have a couple remote sensors feeding stuff into MySQL over the 
> network.

..well that classifies you as "a large installation" in my eyes :-)

BTW: are you saying you're running 6 instances of snort on the same box 
as your database? I thought that was a Bad Idea(tm)...

However, I guess if your IDS only generates 1 event per minute, then 
there really isn't much competing occurring. Although when you actually 
use the SQL data (e.g. via BASE), then it could hurt your packet 


Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
