Re: [Sguil-users] multiple sensor interfaces
Status: Beta
Brought to you by:
bamm
Menu
▾
▴
Re: [Sguil-users] multiple sensor interfaces
|
From: Brett C. <br...@wr...> - 2009-08-24 14:34:11
|
Edward, Just as a data point, I've got my server and three sensors (via Datacom Systems network taps) in a single box and it does very well for me. I'm interested in traffic coming and going on the networks in question (as opposed to what flies between servers on the same network). My respective pipes to the Internet *are* rather tame: one sensor grabs the traffic moving back and forth on a T1 while the other two cover two different segments both fed by a single DSL circuit. Still, the Intel Xeon 2.1 GHZ handles the traffic and database operations in fine style. In fact, the box also handles analyzing four additional sensors all on a single remote box (monitoring similar links). -- ******************************************************************** Brett Charbeneau, GSEC Gold, GCIH Gold Network Administrator Williamsburg Regional Library 7770 Croaker Road Williamsburg, VA 23188-7064 (757)259-4044 www.wrl.org (757)259-4079 (fax) br...@wr... ******************************************************************** On Mon, 24 Aug 2009, David J. Bianco wrote: DJB> Multiple sensors are doable in the sense that they are easy to set up. DJB> See the "Sguil on Red Hat HOWTO" on the NSMWiki for info on this. The DJB> configuration in that document allows for multiple sensors on a single DJB> system. DJB> DJB> The better question, though, is "Can your system keep up with line rate DJB> on 4 interfaces, plus do Sguil server and MySQL DB operations, all at DJB> the same time." Unless you have extremely slow network, the answer is DJB> probably "No." DJB> DJB> David DJB> DJB> Edward Dean wrote: DJB> > Good Morning! DJB> > DJB> > Came up with another question for all you bright folks on this list. DJB> > Due to some bizarre network infrastructure issues out of my control, I DJB> > am considering setting up a single system to act as a sguil server and 3 DJB> > sguil sensors. The system has 16 gigs of ram and LOTS of hard drive DJB> > space. I would plug each of the 3 sensor interfaces into a separate DJB> > network and use a 4th interface for the clients to connect to. DJB> > DJB> > I realize it would make more sense to use multiple boxes for this but DJB> > has anyone tried multiple sensors on one system? Any obvious issues? DJB> > DJB> DJB> ------------------------------------------------------------------------------ DJB> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day DJB> trial. Simplify your report design, integration and deployment - and focus on DJB> what you do best, core application coding. Discover what's new with DJB> Crystal Reports now. http://p.sf.net/sfu/bobj-july DJB> _______________________________________________ DJB> Sguil-users mailing list DJB> Sgu...@li... DJB> https://lists.sourceforge.net/lists/listinfo/sguil-users DJB> DJB> |