Re: [Snort-users] Gigabit IDS

From: Erek Adams (ereksnort.org)
Date: Tue Jan 06 2004 - 08:30:00 CST


On Mon, 5 Jan 2004 Tony.Williamsci.austin.tx.us wrote:

> I recently picked up a Dell Poweredge 1750 at work for a pilot test using
> snort as our enterprise IDS. The specs on the box are Dual Xeon 3.06GHz
> Procs, 2gig mem, 15k rpm scsi drives in a raid 5 configuration and dual
> intel fiber gig nics. I've been doing some studying and I want to leverage
> our current microsoft sql database backend for logging. I saw that barnyard
> was probably the way to go for logging to the database but it seems as
> though it only supports mysql and postgres. I figure I could use the
> database output plugin in snort but I know that will cost me performance and
> at gigabit I'm not sure how much I can give. It seems that there is a win32
> version of barnyard that supports mssql but I'm really wanting to make my
> sensors linux for speed. Can anyone give me some insight and let me know if
> my hardware sounds good for gigabit ids and also if you think I may have an
> issue with using the snort db output plugin instead of barnyard due to the
> lack of mssql support? I'm going to be starting the test soon but I'm still
> in the information gathering stage right now. Any help would be
> appreciated. Thanks!!!

Two things:

* How much traffic do you expect to handle? With the hardware that you
have you can handle a fair amount, but just don't expect it to handle an
OC-48.
* Change the disks to a RAID 1+0. 1+0 will give you about a 4.5-5.0x
gain in write performance while still maintaining redundancy.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro." H.S. Thompson
