RuggedRouter® User Guide
When the local syslog method is chosen, the destination log file may be selected.
When the alert file method is chosen, a daily analysis of the file can be emailed.
The SIDs referenced in alerts can be used to quickly locate the rule via the main Snort
IDS menu. The rule itself often contains HTML links to Internet resources such as
www.securityfocus.com and cve.mitre.org. These provide more in-depth descriptions
of the vulnerability.
Performance And Resources
The performance impact of Snort varies with the number of interfaces monitored, the
number of rules enabled, the packet rate and the logging method.
Snort has been empirically determined to use about 20% of the CPU clock cycles at its
maximum processing rate.
The router is capable of recording about 300 entries/second to the local syslog and
500 entries/second to the alert file. Alerts arriving faster than these rates will not
be recorded.
Snort will require 5 Mbytes of system memory to start, with an additional 15 Mbytes
of memory for each interface monitored.
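An added example (not from the RuggedRouter guide) that scans an alert file for seconds in which the alert count approaches the 500 entries/second recording ceiling described above, and tallies alerts per SID for rule lookup. It assumes the alert file uses Snort's one-line "fast" format; the sample lines, SIDs and addresses are constructed.

```python
import re
from collections import Counter

# Recording ceilings stated in the guide (entries/second).
ALERT_FILE_LIMIT = 500
SYSLOG_LIMIT = 300

# Assumed Snort "fast" alert line: MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ...
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2})\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
)

def analyse(lines, limit=ALERT_FILE_LIMIT, margin=0.9):
    """Return (per-SID counts, seconds whose alert count is >= margin * limit)."""
    per_second = Counter()
    per_sid = Counter()
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue  # skip anything that is not a fast-format alert line
        per_second[m["ts"]] += 1
        per_sid[int(m["sid"])] += 1
    threshold = int(limit * margin)
    # A second at or near the ceiling means later alerts may not have been recorded.
    saturated = sorted(ts for ts, n in per_second.items() if n >= threshold)
    return per_sid, saturated

def build_sample():
    """Constructed input: one quiet second, then a burst of 480 alerts in one second."""
    quiet = ["08/28-12:00:00.000100  [**] [1:1000001:1] Constructed rule A [**] "
             "[Priority: 2] {TCP} 192.0.2.10:40000 -> 192.0.2.20:80"]
    burst = [f"08/28-12:00:01.{i:06d}  [**] [1:1000002:3] Constructed rule B [**] "
             f"[Priority: 1] {{UDP}} 192.0.2.30:5000 -> 192.0.2.20:161"
             for i in range(480)]
    return quiet + burst + ["not an alert line"]

if __name__ == "__main__":
    sids, hot = analyse(build_sample())
    for sid, n in sids.most_common():
        print(f"SID {sid}: {n} alerts")
    for ts in hot:
        print(f"{ts}: alert rate near the {ALERT_FILE_LIMIT}/s ceiling; entries may be missing")
```

Pass `limit=SYSLOG_LIMIT` when the input was extracted from the local syslog instead of the alert file.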