hello i thought of deploying snort to see who is trying to hack my system and by what means. my server is composed of celeron 333/128mb/4gb is that hardware enough for snort? i thought of using mysql for log storage as it would be easier to generate reports from there with php and gd :) but will it be to heavy for my server to handle that? currently i do not have any services running on it and in the future i doubt that there would be many services, maybe mail scanning and some small web pages but none more so that hardware combination should easily handle that load :) but dunno about snort. when i look at the logs /var/log/warn & messages i see lots of drops by SFW, i counted the hits and ironically ive had the system up for 2 days and it has not been listed anywhere and yet there have been over 2000 scans and about 50 advanced penetration attempts via ftp :) thanks goodness that pureftp is secure :) what would be the best way to configure such a hardware with snort since snort can do many things. i noticed that each time i restarted snort it disconnected me for about 1minute during that period i was not able to establish any connection to the server. but it got up later on, is that due to some sort of buffering or is snort too heavy to run on that hardware? please let me know what your experience with snort is :) regards Matice