O'Reilly logo

Intrusion Detection with Snort by Jack Koziol

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Hardware Performance Metrics

Because each network and Snort installation is unique, it is difficult to create exact performance metrics. It is impossible to say X amount of processing power and RAM will monitor Y bandwidth for a typical Snort deployment. This can be insanely frustrating for persons new to Snort. I have seen environments where a user new to Snort had purchased expensive state-of-the-art hardware and was unable to have Snort monitor a T1 Internet connection without dropping packets. Snort's performance is derived primarily from the Snort configuration and the type of monitored traffic. With this said, there are some general, rough guidelines you can use to help you gauge what system resources Snort will require.

Ruleset and Configuration ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required