Snort mailing list archives
Quick sizing question
From: Lee Brown <leeb () ratnaling org>
Date: Sat, 7 Jan 2017 10:38:32 -0800
Hi, We are about to install gigabit internet and I need to employ Snort as an IPS for p2p traffic only. From what I read here <http://ossectools.blogspot.com/2011/04/network-intrusion-detection-systems.html>, it would seem a single core should be sufficient? 1 CPU = (1000 signatures ) * (500 megabits network traffic) I expect to have 100 signatures and 1000 megabits, so: (100/1000) * (1000/500) = 0.2 CPU's Does this look about right to anybody? I have no problem buying new hardware for an IPS, but this looks like I could use some legacy hardware to drive it, assuming a multi-core server (I have in mind a 2009 Xeon 2.8GHz, not sure if the bus is sufficient though). Thanks -- lee
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Quick sizing question Lee Brown (Jan 07)