[prev in list] [next in list] [prev in thread] [next in thread] 

List:       snort-users
Subject:    [Snort-users] Snort hardware requirements
From:       Nemanja Simpraga <nsimpraga () iolap ! com>
Date:       2019-11-19 8:40:22
Message-ID: CH2PR07MB64409505EFAFBA86863500CEB24C0 () CH2PR07MB6440 ! namprd07 ! prod ! outlook ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


Hi,

I am new to the Snort community and the whole idea of IDS so bear with me.

I am working as a system administrator for my company and we recently decid=
ed to implement Snort into our network.
We have to optical fiber connections coming into our network so we will be =
setting up two Snort machines into the network - one for each link.

My question is regarding the hardware requirements. I've read up a bit and =
what I've concluded is that I need a motherboard with two ethernet interfac=
es and a lot of storage space (because of the logs). RAM and processing pow=
er are less important, if I am assuming correctly?
We are considering some rack-mountable machines since they're less space co=
nsuming but if I decide to build a machine from scratch component by compon=
ent, it would look something like this:

CPU: Pentium G5400
MBO: Asrock Z390M-ITX/ac
RAM: 1x8GB Crucial 3200MHz Ballistix Sport LT
HDD: 2x WD Red 4TB 3.5'' 5400rpm, WD40EFRX
Cooler: LC Power Cosmo Cool LC-CC-120
Case: Zalman T5 Mini Tower
PSU: Corsair RM550X 550W

I thought about setting up the hard drives in RAID mode to get added reliab=
ilty and redundancy, don't know if I am going overboard with it?
Is 2x4TB too much? Would WD Purple (or some other HDD model/manufacturer) b=
e more suitable for the job? Will the 8 gigs of RAM and the Pentium be enou=
gh as far as processing power and memory are concerned?

Any additional tips and recommendations are more than welcome!

Best regards,

[cid:41909c7a-2869-4b74-b5b2-a54db0e3b61a]
[cid:027a36bc-281a-41ca-81df-72cf08fcbb5d]<https://www.facebook.com/iOLAPIn=
c/>       [cid:a8275e45-67b1-4855-a68f-07768d4aa474] <https://twitter.com/i=
olapinc>         [cid:2852278d-fadf-4c59-adae-15ec135657b5] <https://www.li=
nkedin.com/company/iolap/>         [cid:870a5b8b-0a7f-4ed4-85c7-42c0de1e41c=
7] <https://iolap.com/>
Nemanja =A9impraga
System Administrator
[cid:062aac1c-77dc-401a-bd8a-e133d31cc0a9]   nsimpraga@iolap.com<mailto:nsi=
mpraga@iolap.com>
    +385 (0) 95 922 7170









[Attachment #5 (text/html)]

<html xmlns:v="urn:schemas-microsoft-com:vml" \
xmlns:o="urn:schemas-microsoft-com:office:office" \
xmlns:w="urn:schemas-microsoft-com:office:word" \
xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" \
xmlns="http://www.w3.org/TR/REC-html40"> <head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:#0563C1;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:#954F72;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle18
	{mso-style-type:personal-compose;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;
	font-family:"Calibri",sans-serif;
	mso-fareast-language:EN-US;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="HR" link="#0563C1" vlink="#954F72">
<div class="WordSection1">
<p class="MsoNormal">Hi,<o:p></o:p></p>
<p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">I am new to the Snort community and the whole idea of IDS so \
bear with me.<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">I am working as a system administrator for my company and we \
recently decided to implement Snort into our network. <o:p></o:p></p>
<p class="MsoNormal">We have to optical fiber connections coming into our network so \
we will be setting up two Snort machines into the network &#8211; one for each \
link.<o:p></o:p></p> <p class="MsoNormal"><br>
My question is regarding the hardware requirements. I've read up a bit and what I've \
concluded is that I need a motherboard with two ethernet interfaces and a lot of \
storage space (because of the logs). RAM and processing power are less important, if \
I am assuming  correctly?<o:p></o:p></p>
<p class="MsoNormal">We are considering some rack-mountable machines since they're \
less space consuming but if I decide to build a machine from scratch component by \
component, it would look something like this:<o:p></o:p></p> <p \
class="MsoNormal"><o:p>&nbsp;</o:p></p> <p class="MsoNormal"><b>CPU:</b> Pentium \
G5400<o:p></o:p></p> <p class="MsoNormal"><b>MBO:</b> Asrock \
Z390M-ITX/ac<o:p></o:p></p> <p class="MsoNormal"><b>RAM:</b> 1x8GB Crucial 3200MHz \
Ballistix Sport LT<o:p></o:p></p> <p class="MsoNormal"><b>HDD: 2x </b>WD Red 4TB \
3.5'' 5400rpm, WD40EFRX<o:p></o:p></p> <p class="MsoNormal"><b>Cooler:</b> LC Power \
Cosmo Cool LC-CC-120<o:p></o:p></p> <p class="MsoNormal"><b>Case: </b>Zalman T5 Mini \
Tower<o:p></o:p></p> <p class="MsoNormal"><b>PSU:</b> Corsair RM550X \
550W<b><o:p></o:p></b></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">I thought about setting up the hard drives in RAID mode to get \
added reliabilty and redundancy, don't know if I am going overboard with it? \
<o:p></o:p></p> <p class="MsoNormal">Is 2x4TB too much? Would WD Purple (or some \
other HDD model/manufacturer) be more suitable for the job? Will the 8 gigs of RAM \
and the Pentium be enough as far as processing power and memory are \
concerned?<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal">Any additional tips and recommendations are more than \
welcome!<o:p></o:p></p> <p class="MsoNormal"><o:p>&nbsp;</o:p></p>
<p class="MsoNormal"><span lang="EN-US" style="mso-fareast-language:HR">Best \
regards,<o:p></o:p></span></p> <table class="MsoNormalTable" border="0" \
cellspacing="3" cellpadding="0" align="left" width="710" style="width:532.5pt"> \
<tbody> <tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="187" \
style="width:140.25pt"> <tbody>
<tr style="height:30.0pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:30.0pt">
<p class="MsoNormal" align="center" \
style="text-align:center;mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element \
-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <span style="mso-fareast-language:HR"><br>
<img width="159" height="34" style="width:1.6562in;height:.3541in" \
id="x_x_Picture_x0020_1" src="cid:image001.png@01D59EB4.4D232B30" \
alt="cid:41909c7a-2869-4b74-b5b2-a54db0e3b61a"><o:p></o:p></span></p> </td>
</tr>
<tr style="height:26.0pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:26.0pt">
<p class="MsoNormal" align="center" \
style="text-align:center;mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element \
-wrap:around;mso-element-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <a href="https://www.facebook.com/iOLAPInc/"><span \
style="color:blue;mso-fareast-language:HR;text-decoration:none"><img border="0" \
width="9" height="15" style="width:.0937in;height:.1562in" id="x_x_Picture_x0020_2" \
src="cid:image002.png@01D59EB4.4D232B30" \
alt="cid:027a36bc-281a-41ca-81df-72cf08fcbb5d"></span></a><span \
style="mso-fareast-language:HR">&nbsp;  &nbsp; &nbsp; &nbsp;</span><a \
href="https://twitter.com/iolapinc"><span \
style="color:blue;mso-fareast-language:HR;text-decoration:none"><img border="0" \
width="15" height="13" style="width:.1562in;height:.1354in" id="x_x_Picture_x0020_3" \
src="cid:image003.png@01D59EB4.4D232B30" \
alt="cid:a8275e45-67b1-4855-a68f-07768d4aa474"></span></a><span \
style="mso-fareast-language:HR">  &nbsp; &nbsp; &nbsp; &nbsp;</span><a \
href="https://www.linkedin.com/company/iolap/"><span \
style="color:blue;mso-fareast-language:HR;text-decoration:none"><img border="0" \
width="15" height="15" style="width:.1562in;height:.1562in" id="x_x_Picture_x0020_4" \
src="cid:image004.png@01D59EB4.4D232B30" \
alt="cid:2852278d-fadf-4c59-adae-15ec135657b5"></span></a><span \
style="mso-fareast-language:HR">  &nbsp; &nbsp; &nbsp; &nbsp;</span><a \
href="https://iolap.com/"><span \
style="color:blue;mso-fareast-language:HR;text-decoration:none"><img border="0" \
width="15" height="15" style="width:.1562in;height:.1562in" id="x_x_Picture_x0020_5" \
src="cid:image005.png@01D59EB4.4D232B30" \
alt="cid:870a5b8b-0a7f-4ed4-85c7-42c0de1e41c7"></span></a><span \
style="mso-fareast-language:HR"><o:p></o:p></span></p> </td>
</tr>
</tbody>
</table>
</div>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="7" \
style="width:5.25pt"> <tbody>
<tr style="height:55.0pt">
<td width="7" style="width:5.25pt;background:#F67811;padding:.75pt .75pt .75pt \
.75pt;height:55.0pt"> </td>
</tr>
</tbody>
</table>
</div>
</td>
<td style="padding:.75pt .75pt .75pt .75pt">
<div align="center">
<table class="MsoNormalTable" border="0" cellspacing="3" cellpadding="0" width="480" \
style="width:5.0in"> <tbody>
<tr style="height:10.5pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:10.5pt">
<p class="MsoNormal" \
style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-e \
lement-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <b><span style="font-size:10.5pt;font-family:&quot;Arial&quot;,sans-serif;color:#F67811;text-transform:uppercase;mso-fareast-language:HR">Nemanja \
Šimpraga</span></b><span style="mso-fareast-language:HR"><o:p></o:p></span></p> </td>
</tr>
<tr style="height:9.0pt">
<td style="padding:.75pt .75pt .75pt .75pt;height:9.0pt">
<p class="MsoNormal" \
style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-e \
lement-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <b><span style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:#3E3E3E;mso-fareast-language:HR">System \
Administrator</span></b><span style="mso-fareast-language:HR"><o:p></o:p></span></p> \
</td> </tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" \
style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-e \
lement-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <span style="font-size:7.0pt;font-family:&quot;Arial&quot;,sans-serif;mso-fareast-language:HR"><img \
border="0" width="13" height="9" style="width:.1354in;height:.0937in" \
id="x_x_Picture_x0020_6" src="cid:image006.png@01D59EB4.4D232B30" \
alt="cid:062aac1c-77dc-401a-bd8a-e133d31cc0a9">&nbsp;&nbsp; </span><a \
href="mailto:nsimpraga@iolap.com"><span \
style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;color:blue;mso-fareast-language:HR">nsimpraga@iolap.com</span></a><span \
style="mso-fareast-language:HR"><o:p></o:p></span></p> </td>
</tr>
<tr>
<td style="padding:.75pt .75pt .75pt .75pt">
<p class="MsoNormal" \
style="mso-element:frame;mso-element-frame-hspace:2.25pt;mso-element-wrap:around;mso-e \
lement-anchor-vertical:paragraph;mso-element-anchor-horizontal:column;mso-height-rule:exactly">
 <span style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;mso-fareast-language:HR">&nbsp;<img \
border="0" width="6" height="9" style="width:.0625in;height:.0937in" \
id="x_x_Picture_x0020_7" src="cid:image007.png@01D59EB4.4D232B30" \
alt="cid:5049f852-647c-4fa6-8180-be79f50c03e5">&nbsp;  &nbsp;&#43;385 (0) 95 <span \
style="color:#3E3E3E">9</span></span><span \
style="color:#3E3E3E;mso-fareast-language:HR">22</span><span \
style="font-size:9.0pt;font-family:&quot;Arial&quot;,sans-serif;mso-fareast-language:HR">
 <span style="color:#3E3E3E">7</span></span><span \
style="color:#3E3E3E;mso-fareast-language:HR">170</span><span \
style="mso-fareast-language:HR"><o:p></o:p></span></p> </td>
</tr>
</tbody>
</table>
</div>
</td>
</tr>
</tbody>
</table>
<p class="MsoNormal"><span lang="EN-US" \
style="color:black;mso-fareast-language:HR">&nbsp;</span><span lang="EN-US" \
style="mso-fareast-language:HR"><o:p></o:p></span></p> <p class="MsoNormal"><span \
lang="EN-US" style="mso-fareast-language:HR">&nbsp;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:HR">&nbsp;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:HR">&nbsp;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:HR">&nbsp;<o:p></o:p></span></p> <p \
class="MsoNormal"><span lang="EN-US" \
style="mso-fareast-language:HR">&nbsp;<o:p></o:p></span></p> <p \
class="MsoNormal"><b><span lang="EN-US" \
style="mso-fareast-language:HR">&nbsp;</span></b><span lang="EN-US" \
style="mso-fareast-language:HR"><o:p></o:p></span></p> <p \
class="MsoNormal"><o:p>&nbsp;</o:p></p> </div>
</body>
</html>


["image001.png" (image/png)]
["image002.png" (image/png)]
["image003.png" (image/png)]
["image004.png" (image/png)]
["image005.png" (image/png)]
["image006.png" (image/png)]
["image007.png" (image/png)]

_______________________________________________
Snort-users mailing list
Snort-users@lists.snort.org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

	To unsubscribe, send an email to:
	snort-users-leave@lists.snort.org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette

--===============8660852106700216810==--

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic