The Best Distro to run Snort

just curious which is preferred...that is if there is a preferred?

there are none

Do you mean there isn't a difference or that you just don't like running snort? I am also looking for ease of setup (not of the os...just for installing snort). Thanks for responses!

Anyone with any thoughts on this? Anything would be helpful.

Looking at the Snort pages, they seem to recommend Redhat, Solaris, FreeBSD and Windows 2000 - at least that is what they seem to install on. If Snort is to be run on it's own, you need a smallish distro with very little running, which you can then strip down.

What do you want to run it on?

Thanks for the help XP...I was looking at RedHat, but a friend of mine who is more skilled in linux likes mandrake and slackware. I looked at snort.org and couldn't find anything on mandrake or slackware, just redhat. Just curious what other people, with much more expierence than myself thought. RedHat was my first choice though, mostly because i could find more info on snort.org about it.

Go with redhat - if you don't like it, change it. I've never run it, so have no first hand advice to offer.

Well i will give it a shot...we already have a slackware and a redhat machine up so we will experiment and i will try to post back after my experience for future reference.

p.s. i read back through the rules...sorry i missed that one

You are not the first to do a double post and you certainly won't be the last

You could put your report in the LQ success stories or security forum - it's possible it could even be made a sticky.....

ClarkConnect runs on Redhat (RedHat based) and already has snort setup and ready to go. They have a good web interface too. Its a small download so try it. You can update it with the RedHat repositories too.

As far as snort is concerned there is no preference as to what Linux you run on. There are packages available for Debian, Slackware and it's in the Gentoo portage. It's in FreeBSD ports and OpenBSD ports. You can install it on any distribution or BSD that you like.

Once the installation is complete they are vitually the same. If you want to run snort on a gateway box then you better make sure it is tuned well, depending on the amount of traffic. If you have the capability I would run snort on a linux/BSD box connected to a switch that allows port monitoring, that way it would be dedicated.

Here is a link so you get the idea:
http://www.cisco.com/warp/public/473/41.html

Thanks a ton guys....more research and some expirementing to do now Keep those helpful hints comeing! Thanks again!

While informative to say the least, that's not really newbie-ized info. A true "trial by fire".

I've been burned atleast once by almost everything......snort would not be the first! Thanks for the warning though. I have other expertise help as well So i cant get burned but so bad!