network security with snort and syslog on plug computer

[amrogers3]

I am researching using a plug computer device for a syslog-ng server. I have a Snort box and I would like to buy either a sheevaplug, guruplug, or guruplug server for a syslog-ng server install.

I plan on installing Barnyard 2 on Snort box and sending logs to syslog-ng server on the plug device via the ethernet port.

Couple questions:

• Would the sheevaplug be able to handle logs from a snort box with traffic coming from a max of 5 computers (home network)
• Do I need any other equipment to program the plug?

I plan on attaching an external hard drive to the plug to store logs.

 

[AMD_Gamer]

Well maybe you can only have logs of the events you want being reported?

 

[Jgedeon]

If only snort logs are going to it, then your IDS server will be busier than your Syslog Server.

 

[amrogers3]

Yes, that's the idea. I only want snort logs going to it. It's on a home network and I want to tune Snort so I am not getting flooded with alerts/logs.

I'll send and receive log info using Barnyard 2 on the Snort box, so I will do the actual log analysis on the Snort install. I'll just be pushing and pulling logs to/from the plug.

You guys think the plug could handle it?