Are there any conflicts with running Squid + Squidguard + snort?



  • I have squid and squidguard currently running on 2.1.5-RELEASE (amd64). Are there any issues with running snort in conjunction with these packages?



  • None that I've ever noticed. Just keep in mind that Snort and Squid are memory hogs. Particularly Snort. My firewall is running 8GB of RAM and I use anywhere between 50 and 90% of it. So if you're going to run all the above you'll need a fair amount of RAM and if you run snort against your local LAN you'll need to use the LOWMEM setting in snort on that interface or you'll use at least 4GB of RAM alone on that interface. Depending on how much you monitor for of coarse.


  • Banned

    I am running Squid and Snort…no issues. Squid is transparent.



  • Running one firewall with pfSense 2.1.5 (AMD64) + Squid (2.7.9) + SquidGuard (1.5_1.1 beta) + Snort + pfBlocker and have no issues. Proxy is NOT transparent.

    Running another firewall with pfSense 2.1.5 (i386) + Squid3-dev (3.3.10 pkg 2.2.8) + SquidGuard (1.4_4 pkg v.1.9.5) + Snort + pfBlocker and have no issues. Proxy is NOT transparent. ClamAV is not enabled as I get ICAP timeouts.

    Both are stable and responsive.

    Hth.


Log in to reply