[Oisf-users] Hardware considerations
Josh White
josh at securemind.org
Wed Jan 4 20:07:07 UTC 2012
I 2nd that. I'm able to do ~1400 rules on a 1Gbps mostly saturated link
with 12 cores and 32 GB of RAM.
On Wed, Jan 4, 2012 at 11:00 AM, Martin Holste <mcholste at gmail.com> wrote:
> My rule of thumb is one CPU per 100 Mb/sec and 2 GB RAM per 1000
> rules. So, you could monitor 100 Mb/sec using a ruleset of 1000 rules
> on a single CPU with 2 GB RAM. Assuming you want to run a large
> ruleset of 8000 rules on 500 Mb/sec, you'll need 5 CPU's and 16 GB
> RAM. So, I'd go with at least a 6-core CPU and as much RAM as you can
> stuff in there. CPU and RAM are so cheap now, that the short answer
> is always buy as much as you can. We run Dell R710's which are fully
> loaded with 16 logical CPU, 144 GB RAM and 10 TB usable disk, and we
> got them for under $15k. You can go on Newegg and put together a
> pretty awesome system for under $5k, so it's really more about systems
> management requirements than hardware specs. Granted disk prices are
> up in the air now due to the Thai floods, but CPU/RAM are still
> incredibly commoditized.
>
> On Wed, Jan 4, 2012 at 9:48 AM, Jonathan Ben-Joseph <jbenjos at gmail.com>
> wrote:
> > Hello folks,
> >
> >
> > First time poster here, long time lurker.
> >
> >
> > Any suggestions on what kind of hardware should be utilized to run
> Suricata
> > effectively considering something like 500 Mbps of sustained traffic?
> What
> > RAM, CPU, etc. would be sufficient?
> >
> >
> > Thanks,
> >
> > Jonathan
> >
> >
> > _______________________________________________
> > Oisf-users mailing list
> > Oisf-users at openinfosecfoundation.org
> > http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120104/bfe5e99a/attachment-0002.html>
More information about the Oisf-users
mailing list