I run it. I sniff about 30MBit of traffic, and it pegs the CPU on a PIII 733. If I disable the defrag module, it goes down to about 20% utilization, but you won't get alerted on everything if you do that. I'm going to be ordering a couple of AMD 1.2Ghz thunderbirds boxes soon to do this, because I have one link that does about 45Mbit sustained during the day that I want to sniff, and I know the PIII won't handle it. If you set it up, make sure you set up ACID from the AirCert project also. It makes reporting and digging for the info you want much easier using a PHP interface and MySQL. Otherwise, you'll be digging through logfiles using grep. > -----Original Message----- > From: Ben Lutgens [mailto:blutgens at sistina.com] > Sent: Saturday, January 13, 2001 8:18 AM > To: tclug-list at mn-linux.org > Subject: Re: [TCLUG] Anyone running Snort? > > > On Sat, Jan 13, 2001 at 02:28:49AM -0600, Bob Tanner wrote: > >Is anyone running Sort? > > Yes. > > > > >I am looking for what type of resources a snort detector consumes. > > Negligible. I can paste in whatever stats you want. But it's > quite minimal > IMO. > > > >-- > >Bob Tanner <tanner at real-time.com> | Phone : (952)943-8700 > >http://www.mn-linux.org | Fax : (952)943-8500 > >Key fingerprint = 6C E9 51 4F D5 3E 4C 66 62 A9 10 E5 35 85 39 D9 > > > >_______________________________________________ > >tclug-list mailing list > >tclug-list at mn-linux.org > >https://mailman.mn-linux.org/mailman/listinfo/tclug-list > > -- > Ben Lutgens cell: 612.670.4789 > Sistina Software Inc. work: 612.379.5941 > Code Monkey Support (A.K.A. System Administrator) >