Snort on Red Hat Enterprise Linux 5 [Parts 1 & 2]

From Part 2:

“First, you’re going to need to ensure the hardware you are
using for your sensor is sufficient to perform the required
detection. IDS sensing can be memory-, processor- and disk
space-intensive depending on the volume of traffic flowing through
it. For a high-volume environment, you should make use of a fast
processor (or processors), lots of memory and sufficient disk space
to store whatever period of alerts and logs your environment
requires. You will also need to ensure that you have a sufficiently
sized network card and enough interfaces. I recommend at least two
interfaces, one for sensing and another for management. You can
also have Snort monitor on multiple interfaces on your sensors, but
I recommend keeping a dedicated management port…”

Complete Story
[Part 1]

Complete Story
[Part 2]