@Creideiki I've been using it for a while and can confirm it's a great tool.
Combined with a switch that supports mirroring a port (so that SecurityOnion can listen on all traffic to and from the router, without sitting physically between the switch and the router) it really gets the job done.
@rysiek I'm wondering how small a piece of hardware it could be made to run on.
"Oh, you think something suspicious is going on right now? *plugs in NUC* Let's see what the IDS says..."
@Creideiki I'm running it on a T440, but pretty sure it would run pretty comfortably on a x240. CPU doesn't seem to be too hogged (apart from when updating stuff). The resources that seem to be in highest demand are:
1. RAM (it's n 8GiB machine and it's running with ~1GiB free, i.e. razor-thin margin)
2. disk space for all the pcaps and whatnot.
So I guess a NUC with a crap-ton of RAM and a large SSD would do, yes. Although I find it a great way to use old laptops.
@Creideiki also, obviously, it all depends on the size of the network you're monitoring and network traffic you're handling. I am talking about a medium-sized office network there.
Server run by the main developers of the project It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!