[Oisf-users] Low End Hardware
Peter Fyon
peter.fyon at gmail.com
Fri Apr 24 10:56:04 UTC 2015
Thanks for the guideline. I guess I'll just have to test some hardware and
see how it runs.
On Apr 21, 2015 3:09 PM, "Peter Manev" <petermanev at gmail.com> wrote:
> On Tue, Apr 21, 2015 at 7:16 PM, Cooper F. Nelson <cnelson at ucsd.edu>
> wrote:
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > A good rule of thumb is that if you want to run the full ET feed you
> > need 1 core per 50 mbit of traffic.
>
> I think it really depends on the traffic type and the particular set up.
>
> I have run full ET feed on 1Gbps pipes with much less HW than 1 core
> per 50mbit (aka 20 cores on 1 Gbps)
> (plus a core can be for example anything form 1.8 to 3.8GHz and more -
> and that really makes a difference as well )
>
> >
> > On 4/21/2015 4:27 AM, Peter Fyon wrote:
> >> Hey everyone,
> >>
> >> I'm looking to upgrade my snort setup at home to suricata. At the same
> >> time, I'm planning on upgrading hardware.
> >>
> >> Unfortunately, the only benchmarks I can find are from back in 2011 or
> >> for setups handling substantially more traffic than I need (10gbit).
> >>
> >> I was hoping some of you could give me examples of the hardware you're
> >> using, number of signatures, and the throughput you see.
> >>
> >> My current box is an old netbook with a first gen atom cpu. With snort +
> >> nfqueue and 20000 signatures, it starts dropping packets around 25 mbit
> >> and multiple sessions. My ideal box would be able to handle
> >> ~700-1000mbit, with fewer signatures.
> >>
> >> On the note of hardware, is it better to focus on more cores or higher
> >> cpu speed?
> >>
> >> Thanks,
> >> Peter
> >>
> >>
> >>
> >> _______________________________________________
> >> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> >> Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> >> List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> >> Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
> >>
> >
> >
> > - --
> > Cooper Nelson
> > Network Security Analyst
> > UCSD ACT Security Team
> > cnelson at ucsd.edu x41042
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v2.0.17 (MingW32)
> >
> > iQEcBAEBAgAGBQJVNoX/AAoJEKIFRYQsa8FWp/gH/3LH1iJTYR1qDXXKV3niXX5x
> > 3OLN5dPOZoFHqALur2SuyYrL2BwpfR+wahIiaT8mem8rvw5g1wt/36clDi+nvZ8R
> > 5yFcs2tpFj0xhFrt08Vucn+Mx+M22d8+Q8F4sHJEx7hYtr4/c4/K88rXUHjwprBH
> > 0jRYdrYYcizBamIbj3bx6eth7Mhj/xifeiJXB2ONtrMDZgs6Iy1zD8qxhc1OTwuM
> > 4sao0dfdCQvoWQj9XgAbwR8lPz3Xhl0oyCM8xg9ndfwbNa6F2pyF2sgFwkXgOU/m
> > Wa2LHdwq6g1IzB5wYc7blFeFov1Pqwyz/rBf8qknJCrUCBZ/fsIsdaZ0bJ50kwo=
> > =72Ks
> > -----END PGP SIGNATURE-----
> > _______________________________________________
> > Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> > Site: http://suricata-ids.org | Support:
> http://suricata-ids.org/support/
> > List:
> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> > Suricata User Conference November 4 & 5 in Barcelona:
> http://oisfevents.net
>
>
>
> --
> Regards,
> Peter Manev
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20150424/a05fb5e9/attachment-0002.html>
More information about the Oisf-users
mailing list