Snort mailing list archives
Re: drive config for sensor?
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 8 Oct 2002 22:30:06 -0700 (PDT)
On Tue, 8 Oct 2002, /dev/null wrote:
I'm setting up a dedicated snort sensor that will feed data using mysql into the console running on another box. My incomming connection is 256K. I have two HD in this sensor, a 1Gig and a 256Meg. Any recommendations on the sizes to use for the partitions and what to mount them as?
Ummmm.... Ok, you've got a lot of issues here. Box, Disk, output plugins, disk speed, etc... It's more than I care to elaborate on. :) To be honest: Setup the sensor first. Make it work. THEN and _only_ then should you start trying to "speed it up". I could rattle off all sorts of things to make life 'quicker', but 'quicker' !== 'better'. Use what you have and what you know.... After that, then you might want to consider changing Snort. Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort version comparisons Sabari Devadoss (Oct 08)
- Re: Snort version comparisons Chris Green (Oct 08)
- drive config for sensor? /dev/null (Oct 08)
- Re: drive config for sensor? Erek Adams (Oct 08)
- drive config for sensor? /dev/null (Oct 08)
- Re: Snort version comparisons Erek Adams (Oct 08)
- <Possible follow-ups>
- Re: Snort version comparisons larc (Oct 09)
- RE: Snort version comparisons Crow, Owen (Oct 09)
- Re: Snort version comparisons Chris Green (Oct 08)