snort-users November 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: Re: [Snort-users] Snort Hardware Selection and Fibe

Re: [Snort-users] Snort Hardware Selection and Fiber/Copper Taps

From: Mark W. Jeanmougin <mark.jeanmougin_at_nospam>
Date: Mon Nov 02 2009 - 15:27:38 GMT

Seriously: I have to second the recommendation to buy the Sourcefire sensors. I've got a half dozen or so and they work fairly well. Their support is great.

The 9900 has great throughput, low enough latency and can handle 10 Gbit with no problems.

What are you looking to monitor?


On 10/30/2009 11:19 PM, Rob Dixon wrote:
> What do you */need?/* Do you have requirements or just the biggest
> baddest snort censor money can buy? hehe.
> On Thu, Oct 29, 2009 at 3:46 PM, Chan, Wilson <
> <>> wrote:
> Im looking at spec’ing out some new servers for my Linux (CentOS)
> Snort boxes. If funding was not a issue what would you buy?
> Q: Snort is not multi-threaded so does it make sense to buy a rack
> mount server with multiple cpus?
> Q: How much ram should be allocated per server for 32bit snort on
> linux? If I go over 4Gb I would have to use a PAE kernel. How much
> ram can Snort use?
> Q: Ntap fiber to copper aggregators for gigabit links or Ntap fiber
> to copper traditional taps (Outputs Tx and Rx per copper port)?
> Q: If I decide to use the traditional taps do you run two processes
> of snort for each TX and RX or do you bridge the two interfaces and
> run just one snort process? What is best to do in this scenario? Thanks!
> *Wilson*

Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now!

Snort-users mailing list
Go to this URL to change user options or unsubscribe: Snort-users list archive: