bro machines
Vern Paxson
vern at ee.lbl.gov
Sun Jan 7 01:28:17 PST 2001
> I am about to build three Bro machines, and I'm trying to determine what
> hardware to buy. These machines will all monitor gigabit ethernet links
> and will be running FreeBSD-STABLE.
>
> Here's my first pass:
>
> 800 MHz PIII or better
> at least 2 64-bit PCI slots
> 256 MB RAM
> 3 x 40GB+ ATA100 HD
> ATAPI CD-ROM
> 10/100 Ethernet
> 2 x SysKonnect SK-9842 SK-NET GE-SX
> lame AGP SVGA card
>
> I'm a little bit uncertain about the IDE disk, but the 40GB disks are less
> than $200 each -- I can have over 100GB of logging space this way. I'm
> normally a SCSI bigot, but lately I'm not sure it's worth it in all
> applications.
All in all, that system looks good. The key question in general is just
how large a traffic stream will you be monitoring. The above should be
fine for a good-sized site (say 1000 hosts, in my experience). Much larger
and you'll want to increase the RAM.
> Are the SysKonnect cards the way to go?
That's what we use, generally to good effect. Others may work fine,
too, I don't know.
Vern