Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Should I use Snort?

    Scheduled Pinned Locked Moved pfSense Packages
    7 Posts 3 Posters 3.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      giantjoebot
      last edited by

      My pfsense system is going to be for a home network.  Once I get it configured I will probably rarely check in on it.  I'll most likely just check in on it every once and a while to make sure everything is running smoothly, and to see the resource usage, and squid usage.

      I heard that Snort can be a resource hog.  The more security the better, but on my home network speed is the most important thing to me.

      So with all this in mind, should I run Snort or not?

      1 Reply Last reply Reply Quote 0
      • G
        giantjoebot
        last edited by

        No one has an opinion on this?

        1 Reply Last reply Reply Quote 0
        • Cry HavokC
          Cry Havok
          last edited by

          You don't give enough information for anybody to say.  Your choice of hardware will make a difference to whether or not you can run snort.  The choice of whether or not to run it however is entirely yours…

          1 Reply Last reply Reply Quote 0
          • S
            shiftyjoe
            last edited by

            Snort for the most part is just FYI, while it can block the ip for sixty minutes, it's mainly just reports activity that "might" be bad.  My snort let's me know that the spammer virus knocks on my door at least twenty times a day….  I've got system to spare, so I like to have it running (See this post on how to run it in ac-bnfa for best performance with lest memory usage http://forum.pfsense.org/index.php/topic,7028.0.html)

            But it's an extra package for a reason, it's up to you if you want it running.

            Running pfSense with Celeron @966Mhz w/ 1gb ram, 80GB IDE/ATA Harddrive, and two intel desktop pro 10/100.

            1 Reply Last reply Reply Quote 0
            • G
              giantjoebot
              last edited by

              My system specs

              2.14 Celeron (socket 478)
              1GB DDR333
              80GB WD 7200rpm HDD
              Micro ATX ASRock Intel chip based motherboard
              Intel NIC
              Intel gigabit NIC
              D-link wireless NIC

              on the LaN there are 2 desktops, and a media server (HTPC with extra programs running for downloading, and media streaming)

              But will enabling Snort affect the performance of my pfsense box at all, or does it just use up RAM?

              1 Reply Last reply Reply Quote 0
              • Cry HavokC
                Cry Havok
                last edited by

                Enabling any package will have a performance impact.  Enabling snort, which inspects every packet will have a performance impact, the exact details of which will depend on how you configure snort and the bandwidth and traffic profiles.

                Certainly your hardware should cope with a default configuration of snort given what you've said.  You will however want to customise it to remove all rules that are irrelevant to you to keep overheads to a minimum.

                1 Reply Last reply Reply Quote 0
                • G
                  giantjoebot
                  last edited by

                  unfortunately I'm not sure how to do that, or which rules I should or should not use, but I'm sure I could figure it out.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.