Re: [Snort-users] Deployment Sizes? was: anyone trying kickfire to

Stewart L wrote:
> Define a large installation?
>
> That's something I've been wondering... We've set up a big central
> snort box on a 16 core machine with 16GB or RAM and 1.2TB of disk.
> We're currently running 6 instances of snort on this hardware and plan
> on having 12-16 instances when our rollout is complete. We'll likely
> also have a couple remote sensors feeding stuff into MySQL over the
> network.
>

...well that classifies you as "a large installation" in my eyes :-)

BTW: are you saying you're running 6 instances of snort on the same box
as your database? I thought that was a Bad Idea(tm)...

However, I guess if your IDS only generate 1 event per minute, then
there really isn't much competing occurring. Although when you actually
use the SQL data (eg via BASE), then it could hurt your packet
inspection...?



--
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users