Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Quick sizing question

From: Lee Brown <leeb () ratnaling org>
Date: Sat, 7 Jan 2017 10:38:32 -0800
Hi,

We are about to install gigabit internet and I need to employ Snort as an
IPS for p2p traffic only.  From what I read here
<http://ossectools.blogspot.com/2011/04/network-intrusion-detection-systems.html>,
it would seem a single core should be sufficient?

1 CPU = (1000 signatures ) * (500 megabits network traffic)

I expect to have 100 signatures and 1000 megabits, so:
(100/1000) * (1000/500) = 0.2 CPU's

Does this look about right to anybody?  I have no problem buying new
hardware for an IPS, but this looks like I could use some legacy hardware
to drive it, assuming a multi-core server (I have in mind a 2009 Xeon
2.8GHz, not sure if the bus is sufficient though).

Thanks -- lee

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: