[Oisf-users] [Emerging-Sigs] OT - planning hardware purchase for IDS...

[Will Metcalf]

> We are about to put in cap-ex request for 4 new boxes for monitoring stations -- we will be testing out suricata and will get at least one with a GPU.   At the moment we are looking at quad core boxes (DELL or IBM 1U) with at least 4GB memory. > We intend to run argus and and IDS ;)   ( boxes will run some flavour of linux..)
If you can afford it, get Xeon 55xx series chips.  Nehalem is freaking
sweet.  This isn't your p4 era hyper-threading you can almost treat
the HT like another core.

> Anything we should be aware of (like how much memory on GPU ?).
Can't help you there, Anoop? GNORT guy's? any advice on the GPU stuff?

> Also do folk have favourite NICs (1GB and 10GB)  We can't afford Endace although we do have some research boxes with Endace cards...
I have always had really good luck with Intel, and I can vouch for the
e1000e PF_RING aware driver.  I think Luca also recently added DNA
support for some Intel cards in PF_RING.

Regards,

Will