Hardware Performance Metrics

Because each network and Snort installation is unique, it is difficult to create exact performance metrics. It is impossible to say X amount of processing power and RAM will monitor Y bandwidth for a typical Snort deployment. This can be insanely frustrating for persons new to Snort. I have seen environments where a user new to Snort had purchased expensive state-of-the-art hardware and was unable to have Snort monitor a T1 Internet connection without dropping packets. Snort's performance is derived primarily from the Snort configuration and the type of monitored traffic. With this said, there are some general, rough guidelines you can use to help you gauge what system resources Snort will require.

Ruleset and Configuration ...

Get Intrusion Detection with Snort now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.