Building a Network sensor on FreeBSD 8.0

I am in the process of building a Network sensor using FreeBSD 8.0. The server will be built on a Dell 2950 with (2) Quad Core Procs, 8 gigs of memory and, at this time, just a single RAID 1 drive with 146 gigs memory. Eventually, I will be adding a second RAID volume with RAID 0 for optimal performance. This is where I will write the data.

This server also has 4 NICs in it, 2 on board and 2 added via PCI card. All 4 NICs are gig NICs.

Now, I built the server and I am looking for some tips for optimizing capturing traffic, using tcpdump and snort. I was looking around trying to find some additional information on perhaps kernel tuning, but haven't found anything.

Anyone have any tips or tricks for optimizing this box? A lot of traffic will be flowing through this box (in passive mode) and I want to make sure I can see all of it.

I appreciate the help.
 