SNORT on embedded
-
Hey guys, just wondering if there's a way to get SNORT on the embedded systems easily enough. I'm trying to convince my work to use pfSense, but they want it in a network appliance form, not a 1U server, so we are looking at WRAP boards to run pfSense+SNORT to be a monitoring node on a switch's SPAN port. Any ideas?
-
1. Packages are disabled on embedded systems.
2. Snort requires 1 GB of RAM, which most embedded systems do not have. You can certainly build a small computer that will run the live CD version. Micro ATX motherboards work very well for this setup.
I currently have a micro ATX computer running 1.0.1 with 1 GB RAM and a P4 processor. It's in the following case
http://www.newegg.com/Product/Product.asp?Item=N82E16811129019
which is fairly small. Works like a charm. I have 4 NICs and a wireless card.
-
Thanks, but that box is way too big to be a net appliance on a rack. Looking for a Soekris or WRAP size computer with 2 NICs or a single dual-port and maybe mini-PCI. FYI, I've run a Snort system on a 128 MB RAM machine. Any reason why it's so picky with pfSense? I've noticed even on a full tower 700 MHz P3 it needs over 128 to not kernel panic at me.
-
Not sure, Scott will have to chime in on that.
-
Bump. Scott, any ideas?
-
Ask the Snort guys. I really don't know.