On 21/06/05 11:35 +0530, Sonali Gupta wrote:
> Hi,
> We are using Snort on Linux in the binary packet capture mode (capture and log in tcpdump format). We find packet drops even at 5 Mbps bandwidth which we feel is very low for the hardware we are using. We would be grateful if you can provide any suggestions on the issue.
> Hardware used: HP Proliant DL 140 G2. Dual processor, processor speed 2.8 GHz with 512MB RAM and 72 GB SATA HDD, Gigabit network card.
May I suggest a RAID 10 setup with 15000 RPM SCSI disks instead? Alternatively, ask Sourcefire for what hardware they would recommend with Snort.
One of Marty Roesch's postings on an IDS list basically stated that IDS need hardware ==> fast CPU, gobs of RAM, and large numbers of very fast disks. You may find benchmarking with hardware RAID between RAID 5 and RAID 10 useful. Multiple spindles are required for I/O bound applications.
Devdas Bhagat