Hardware Performance Metrics
Because each network and Snort installation is unique, it is difficult to create exact performance metrics. It is impossible to say X amount of processing power and RAM will monitor Y bandwidth for a typical Snort deployment. This can be insanely frustrating for persons new to Snort. I have seen environments where a user new to Snort had purchased expensive state-of-the-art hardware and was unable to have Snort monitor a T1 Internet connection without dropping packets. Snort's performance is derived primarily from the Snort configuration and the type of monitored traffic. With this said, there are some general, rough guidelines you can use to help you gauge what system resources Snort will require.
Ruleset and Configuration ...
Get Intrusion Detection with Snort now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.