anav
Forum Guru
Topic Author
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Docker + Snort ?

Thu Nov 03, 2022 12:57 am

Is this doable? Is Snort actually useful?
 
holvoetn
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Docker + Snort ?

Thu Nov 03, 2022 9:37 am

User requirements? :lol:
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Docker + Snort ?

Thu Nov 03, 2022 12:00 pm

holvoetn wrote:
> User requirements? :lol:

8) 8) 8) 8) 8)
 
anav
Forum Guru
Topic Author
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Docker + Snort ?

Thu Nov 03, 2022 12:33 pm

Shut Down / Avoid future Fortinet advertisements LOL.
Both of you are charged with wasteful carbon usage for nonsensical posts!
If you don't have experience in subject matter, input not required.
 
holvoetn
Forum Guru
Posts: 5321
Joined: Tue Apr 13, 2021 2:14 am
Location: Belgium

Re: Docker + Snort ?

Thu Nov 03, 2022 12:41 pm

Isn't pihole better suited for that ?
From what I can see, Snort is more for network intrusion detection.

OTOH if you need Snort for detecting network intrusion, your firewall may not be up to par :D
 
anav
Forum Guru
Topic Author
Posts: 18958
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: Docker + Snort ?

Thu Nov 03, 2022 4:51 pm

 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Docker + Snort ?

Thu Nov 03, 2022 5:14 pm

holvoetn wrote:
> Isn't pihole better suited for that ?
> From what I can see, Snort is more for network intrusion detection.
> OTOH if you need Snort for detecting network intrusion, your firewall may not be up to par :D

True ;-)
@anav, you did not specify the bigger context; of course "Snort" can run on/in a container, but did you mean: "run SNORT on a container ON a Mikrotik??"
In that case I don't think it will fly... it's very resource-hungry and only if you run like a CHR on an x64 server with lots of resources you might consider this...

Also remember that SNORT is a single-threaded application... you need multiple instances and a complex setup to really scale well.
 
woland
Member Candidate
Posts: 258
Joined: Mon Aug 16, 2021 4:49 pm

Re: Docker + Snort ?

Thu Nov 03, 2022 5:53 pm

Indeed: use Suricata instead, that supports multithreading.
BUT: I am running Suricata on an Intel desktop CPU 6 cores @3,8 GHz for a cable uplink link with 160MBps. The box has 16G RAM. (That replaced an older 4 core Intel box, which was too slow.)
I admit that runs a lot of other stuff as well, but this is the kind of HW Suricata/Snort likes to run on. It is also picky with the interface cards.
Also one more aspect: without breaking up all HTTPS sessions, IPSes are almost useless.
So with the energy prices today I will just stop using it and replace my shiny home FW box with all the bells and whistles by an RB5009, without IPS.
I will probably save the money I spend on the RB5009 on the electricity bill very soon.
