Snort mailing list archives
RE: Linux of FreeBSD
From: "Abe L. Getchell" <abegetchell () home com>
Date: Mon, 26 Nov 2001 15:32:05 -0500
Hi Olev, This question has been asked many times in recent days on this list and the best advice I can give after considering all the options on the market, opinions posted here, as well as personal experience, is to run it on what you know the best. If you know the Linux side of things, run it on Linux. If you know the FreeBSD side of things, run it on Linux... Er, I mean FreeBSD. ;-) That being said, I'm currently testing a sensor on (a highly modified and stripped down configuration of) Red Hat Linux 7.2 on our production network and it's chugging right along. I have the box monitoring one of our DS3's running at capacity (45Mbit), and it's showing no signs of stress with processor utilization sitting right around 30%-40% on a PIII 1GHz. That being said, I have spent ample time tuning the rules for our environment; it's not just a default set of sigs that packets are being checked against. To stress it again, run it on what you know the best. Spend your time tuning the operating system, tuning Snort, and tuning the Snort rules rather than trying to decide what OS to run it on. The benefit of the work you put in on getting it to run on _your_ system well will far out-weigh the benefits of picking one OS over the other. Thanks, Abe -- Abe L. Getchell Security Engineer abegetchell () home com
-----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Olav Langeland Sent: Monday, November 26, 2001 10:18 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Linux of FreeBSD I am seeking advice on what is best suited for Snort use, Linux or FreeBSD. It will monitor either a dual E3 link (currently at 50% capacity) or a single port producing about 30-40Mbit. Will Debian Linux handle this kind of traffic without problem, or is FreeBSD a better choice? The machine in question is P3-800, 512MB Ram and SCSI raid. Thanks for any help. -- Olav Langeland <> olav.langeland () activeisp com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/s> nort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Linux of FreeBSD Olav Langeland (Nov 26)
- Re: Linux of FreeBSD Erek Adams (Nov 26)
- RE: Linux of FreeBSD Abe L. Getchell (Nov 26)
- Re: Linux of FreeBSD Casey Allen Shobe (Nov 26)
- RE: Linux of FreeBSD Abe L. Getchell (Nov 26)
- Re: Linux of FreeBSD Chris Green (Nov 26)
- RE: Linux of FreeBSD Abe L. Getchell (Nov 26)
- <Possible follow-ups>
- RE: Linux of FreeBSD Michael Aylor (Nov 26)
- Re: Linux of FreeBSD Casey Allen Shobe (Nov 26)
- RE: Linux of FreeBSD Olav Langeland (Nov 27)
- Re: Linux of FreeBSD Martin Roesch (Nov 27)
- Re: Linux of FreeBSD Erek Adams (Nov 26)