Gentoo Forums
Snort alternative for U5 network traffic monitoring?
confusion
Tux's lil' helper


Joined: 24 Mar 2004
Posts: 132

Posted: Sun Apr 23, 2006 10:44 pm    Post subject: Snort alternative for U5 network traffic monitoring?

Hi there, I'm looking for a network traffic monitoring solution for my home network. Simply put, I'd like to know what hosts are using most of the bandwidth at what times, what protocols they predominantly use as well as a history (I'm thinking graphs) of network use. I'd also like some kind of intrusion detection.

Up until recently my U5 has been running (really reliably I might add) as my mail server, my router, my firewall, my DNS server, and my webserver (for webmail). I see that snort is not supported on sparc at the minute, so I'm after alternatives.

Even if you guys just point me in the direction of some docs to read I'd appreciate it. I'm new to the whole network monitoring thing and the plethora of packages is a little confusing. I'd really like not to have to retire my 400MHz U5 in favour of a 650MHz PIII.

Cheers guys,

John
Weeve
Retired Dev


Joined: 30 Oct 2002
Posts: 641

Posted: Mon Apr 24, 2006 12:08 am

The more recent versions of snort may be usable on SPARC again. I haven't had time to test them extensively, but often things like port scans used to cause snort to seg fault quite regularly in the past. My initial testing showed favorable results.

The only NIDS alternative that comes to mind at the moment would be prelude-nids, which was deprecated by the prelude folks in favor of snort.
kyphros
n00b


Joined: 20 Jan 2006
Posts: 10

Posted: Mon Apr 24, 2006 5:43 pm

Snort works ok on Sparc. I find that 2.4.x crashes occasionally, so you'll want a watchdog to restart it when it dies. 2.3.x works pretty well.

If all you care about is traffic flows, use ntop. Great piece of software, but it gets flaky when you start monitoring ~200mbps+
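The watchdog suggested in the post above could look like the following sketch, which is an added example and not code from the thread; it caps restarts per time window and logs each one, so a crash loop and the resulting gap in IDS coverage stay visible instead of being papered over. The pid file path, the init script command and the state file location are assumptions.

```shell
#!/bin/sh
# Added example: watchdog for a sensor that dies occasionally. Paths/commands are assumptions.
PIDFILE="${PIDFILE:-/var/run/snort_eth0.pid}"        # assumed pid file
START_CMD="${START_CMD:-/etc/init.d/snort restart}"  # assumed init script
STATE="${STATE:-/var/run/snort-watchdog.restarts}"   # one epoch timestamp per restart
MAX_RESTARTS="${MAX_RESTARTS:-5}"                    # restarts allowed per window
WINDOW="${WINDOW:-600}"                              # window length, seconds

log() { logger -t snort-watchdog "$*" 2>/dev/null || echo "snort-watchdog: $*" >&2; }

# True when PIDFILE holds the numeric pid of a running process.
is_alive() {
    [ -r "$PIDFILE" ] || return 1
    pid=$(cat "$PIDFILE")
    case "$pid" in ''|*[!0-9]*) return 1 ;; esac
    kill -0 "$pid" 2>/dev/null
}

# Drop restart records older than WINDOW, print how many remain.
recent_restarts() {
    now=$1; count=0
    [ -f "$STATE" ] || : > "$STATE"
    : > "$STATE.tmp"
    while read -r ts; do
        case "$ts" in ''|*[!0-9]*) continue ;; esac
        if [ $((now - ts)) -lt "$WINDOW" ]; then
            echo "$ts" >> "$STATE.tmp"; count=$((count + 1))
        fi
    done < "$STATE"
    mv "$STATE.tmp" "$STATE"
    echo "$count"
}

# check_once NOW -> 0 sensor alive, 1 restarted, 2 crash loop (restart withheld)
check_once() {
    is_alive && return 0
    n=$(recent_restarts "$1")
    if [ "$n" -ge "$MAX_RESTARTS" ]; then
        log "sensor down; $n restarts in ${WINDOW}s, not restarting (no IDS coverage)"
        return 2
    fi
    echo "$1" >> "$STATE"
    log "sensor not running, restarting (restart $((n + 1)) in current window)"
    $START_CMD >/dev/null 2>&1 || log "restart command failed: $START_CMD"
    return 1
}

# "run" starts the loop; without it the file only defines the functions.
[ "${1:-}" != "run" ] || while :; do check_once "$(date +%s)" || true; sleep 30; done
```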
Weeve
Retired Dev


Joined: 30 Oct 2002
Posts: 641

Posted: Tue Apr 25, 2006 12:03 am

Just out of idle curiosity, what kernel are you running where you see snort 2.4.x crash? I have no reason to believe this necessarily has anything to do with it, but just wanted to collect a little more info.
Toady
Apprentice


Joined: 21 Dec 2004
Posts: 161
Location: South Wales, UK

Posted: Tue Apr 25, 2006 2:20 pm

I run ntop on my box - runs ok on 2.4.31 ;)
_________________
Toady

Gentoo Laptop
3.1.10-gentoo-r1, Intel Core 2 Duo (32bit)
Gnome on the desk, Intel in the box, on-board everything, but it all works!
krugger
n00b


Joined: 14 Sep 2003
Posts: 10

Posted: Tue Apr 25, 2006 4:25 pm

I haven't done any sort of network statistics, but maybe Iptraf would be a nice option.
kyphros
n00b


Joined: 20 Jan 2006
Posts: 10

Posted: Fri Apr 28, 2006 9:58 pm

Snort 2.4 won't run properly on the Sparc, whether it's Linux or Solaris. It doesn't run great on an x86_64 box either, so I imagine it's something wrt 32 vs 64 bit.

For the record, the v210s I'm using it on are running gentoo-sources-2.6.15-r1.
gust4voz
Retired Dev


Joined: 09 Sep 2003
Posts: 373
Location: Buenos Aires, Argentina

Posted: Fri Apr 28, 2006 11:24 pm

Give 2.6.16-gentoo-r4 a spin on your v210 - it should run MUCH better than the 2.6.15 series (specially wrt to that nagging "eat my memory" issue on dual UltraSPARC-IIIi boxes). Oh yeah, and you can dual-bank the memory too.
_________________
Gustavo Zacarias
Gentoo/SPARC monkey
All times are GMT