On Fri, 3 Sep 2004 13:50:27 -0400, Greg Brown <gregbrown at mindspring dot com> wrote:
> I recall seeing someone on the list who said they had combined M0n0wall
> and snort.  Does a combined m0n0/snort image exist?  Is snort
> configurable via the same web interface as m0m0?  Before my former
> employer, Oculan, died an ugly death we sold an appliance that had
> Snort running under the covers.  I recall that snort took up quite a
> bit of processor time sniffing all those packets.  Does the combined
> snort/m0n0 image require something stronger than a soekris box?
> 
> My soekris boards should be here today.  :) :) :) I can't wait to get
> home, load them up, and start tinkering with them.


Links to snort image in this post to mailing list:
http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=80&actionargs[]=88

Note that there isn't a Soekris image, but there is a WRAP image. 
Lack of RAM on the Soekris boards may be an issue (though WRAP isn't
much better, it at least supports 128 MB rather than only 64 MB).  The
WRAP boards are very similar to the Soekris 4801.

It's difficult to effectively run the latest Snort with something as
slow as a 4501 and especially with only 64 MB RAM when you don't have
any swap space.  (not knocking on the 4501's, I have deployed a ton of
them, they just aren't designed to run full blown IDS systems)

-Chris