[Snort-users] Threaded Snort

Frank Knobbe FKnobbe at ...649...
Mon Mar 19 11:59:49 EST 2001


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

No, but depending on your traffic pattern and network layout, you can
use filtering via BPF and set up multiple hosts (not just CPUs) with
snort. Host A would have the traffic filtered to... let's say half
your subnet, while host B is filtering for the invert of host A.

Or launch a second snort process on the second CPU.

Regards,
Frank

> -----Original Message-----
> From: Siddhartha Jain [mailto:s_i_d_j at ...131...]
> Sent: Monday, March 19, 2001 10:24 AM
> 
> What i'd like to point out is that as my traffic grows and my CPU
> utilization increases what will i do? Because adding CPUs 
> probably won't
> help. Doesn't this kind of limit Snort? From what i 
> understand, threaded
> applications scale well. Am i wrong?
> I am using SnortSnarf to do reporting but that doesn't seem 
> to be threaded
> either and it goes upto 60% utilization for logs worth just 6MB.
> Again having mutiple CPUs doesn't seem to help. Or does it?
> 
> Siddhartha
> 

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME encrypted email preferred.

iQA+AwUBOrY7BZytSsEygtEFEQJ3TACY3wlcbMbuQbR3pCkdz6o3BbKYHgCdHs8B
dTIpVyr0vULqokMexnEBM3s=
=0qvz
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list