[Snort-users] half the net for multiple snort processes

Abe L. Getchell abegetchell at ...530...
Wed Nov 14 18:46:02 EST 2001


Hi Erek,

> 	If it's Linux....  IIRC, many moons ago it's SMP 
> ability sucked rocks. That may have changed, but I don't 
> know.  [Any Linux geeks out there, please speak up on this!]

SMP has improved greatly in Linux since 'many moons ago'.  Got a quad
proc PIII Xeon box that smokes through analyzing _large_ log files like
you wouldn't believe.  Anywho... There is, however, still no way in the
2.4 kernel to bind a process to a specific processor that _I_ know of;
if I'm wrong, please correct me and point me to the kernel patch!  I'd
love to have that functionality as well.  I've heard it may be included
in 2.5.

Windows 2000 Advanced Server, however, does have the ability to bind
processes to specific processors.  You can accomplish this task in 'Task
Manager'.  Works quite well actually.  I used this functionality to
squeeze the last little bit of performance out of a couple of Win2k
servers before they got Service Pack 'L'.

WARNING!!! The statement above is to be used for informational purposes
only.  I could not, due to recently uncovered security vulnerabilities
and the company's stand on disclosure issues, recommend that _any_
Microsoft products be used in your security infrastructure in _any way_.
WARNING!!!

Thanks,
Abe

--
Abe L. Getchell
Security Engineer
abegetchell at ...530...





More information about the Snort-users mailing list