I am about to build three Bro machines, and I'm trying to determine what
hardware to buy. These machines will all monitor gigabit ethernet links
and will be running FreeBSD-STABLE.

Here's my first pass:
800 MHz PIII or better
at least 2 64-bit PCI slots
256 MB RAM
3 x 40GB+ ATA100 HD
ATAPI CD-ROM
10/100 Ethernet
2 x SysKonnect SK-9842 SK-NET GE-SX
lame AGP SVGA card

I'm a little bit uncertain about the IDE disk, but the 40GB disks are less
than $200 each -- I can have over 100GB of logging space this way. I'm
normally a SCSI bigot, but lately I'm not sure it's worth it in all
applications.
All in all, that system looks good. The key question in general is just
how large a traffic stream will you be monitoring. The above should be
fine for a good-sized site (say 1000 hosts, in my experience). Much larger
and you'll want to increase the RAM.
Are the SysKonnect cards the way to go?
That's what we use, generally to good effect. Others may work fine,
too, I don't know.
Vern