[Snort-users] Deployment Sizes? was: anyone trying kickfire to improve SQL performance?

Jason Haar Jason.Haar at ...294...
Fri May 2 22:00:55 EDT 2008


Stewart L wrote:
> Define a large installation?
>
> That's something I've been wondering... We've set up a big central 
> snort box on a 16 core machine with 16GB or RAM and 1.2TB of disk.   
> We're currently running 6 instances of snort on this hardware and plan 
> on having 12-16 instances when our rollout is complete.   We'll likely 
> also have a couple remote sensors feeding stuff into MySQL over the 
> network.
>

..well that classifies you as "a large installation" in my eyes :-)

BTW: are you saying you're running 6 instances of snort on the same box 
as your database? I thought that was a Bad Idea(tm)...

However, I guess if your IDS only generate 1 event per minute, then 
there really isn't much competing occurring. Although when you actually 
use the SQL data (eg via BASE), then it could hurt your packet 
inspection...?



-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1





More information about the Snort-users mailing list