Linux Today: Linux News On Internet Time.

Snort on Red Hat Enterprise Linux 5 [Parts 1 & 2]

Aug 31, 2007, 09:00
(Other stories by James Turnbull)

From Part 2:

"First, you're going to need to ensure the hardware you are using for your sensor is sufficient to perform the required detection. IDS sensing can be memory-, processor- and disk space-intensive depending on the volume of traffic flowing through it. For a high-volume environment, you should make use of a fast processor (or processors), lots of memory and sufficient disk space to store whatever period of alerts and logs your environment requires. You will also need to ensure that you have a sufficiently sized network card and enough interfaces. I recommend at least two interfaces, one for sensing and another for management. You can also have Snort monitor on multiple interfaces on your sensors, but I recommend keeping a dedicated management port..."

Complete Story [Part 1]

Complete Story [Part 2]