[Snort-users] Deployment Sizes? was: anyone trying kickfire to improve SQL performance?
Jason.Haar at ...294...
Fri May 2 22:00:55 EDT 2008
Stewart L wrote:
> Define a large installation?
> That's something I've been wondering... We've set up a big central
> snort box on a 16 core machine with 16GB or RAM and 1.2TB of disk.
> We're currently running 6 instances of snort on this hardware and plan
> on having 12-16 instances when our rollout is complete. We'll likely
> also have a couple remote sensors feeding stuff into MySQL over the
..well that classifies you as "a large installation" in my eyes :-)
BTW: are you saying you're running 6 instances of snort on the same box
as your database? I thought that was a Bad Idea(tm)...
However, I guess if your IDS only generate 1 event per minute, then
there really isn't much competing occurring. Although when you actually
use the SQL data (eg via BASE), then it could hurt your packet
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
More information about the Snort-users