>Everybody knows why Snort executes with more than one
>processes(threads), what are their functions one by one!?

My advice can be summed up in three words.. "read the source"...

I can't see why you'd need to know this unless you were already working 
with the source code anyway.

might I suggest grepping the code for "pthread" as a starting point?

I *think* that OLD snort used to do one thread per interface, and that the 
mysql code also cranks off threads, but current snort 2.0.0 only seems to 
do one thread plus mysql stuff... however I could be wrong, so if you 
really need to know the exact number of threads and why they are there, 
read the source code.

My copy of snort 2.0.0 only appears to have one thread, and it does not use 
sql logging.

