Re: Multiple instances of snort on one box?

[Nick Hatch <nick () restek wwu edu>]

Up until yesterday we were monitoring 22mbit of traffic (one-way) using 
a 333 Celeron with 256MB of RAM. The Snort rules were pruned quite a 
bit. The CPU usage was never over 30% or so. This was with 3com NICs. 
This machine was swapped out (after 320 days of uptime with the 2.2 
linux kernel) for Snort running on two redundant 1U 2.8ghz P4 OpenBSD 
machines.

I would say that the hardware specs are the least of your concerns. 
Other posters had good advice about handling the management of multiple 
Snort processes.

-Nick

Drew Stockman wrote:

> Also, what kind of hardware would it take to replace 3 sensors, 
> each listening to a T-1 connection? 

--
Nick Hatch
ResTek Consultant
restek.wwu.edu 650-2946



-------------------------------------------------------
This SF.net email is sponsored by: IT Product Guide on ITManagersJournal
Use IT products in your business? Tell us what you think of them. Give us
Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more
http://productguide.itmanagersjournal.com/guidepromo.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users