[Snort-users] snort processes

Derya Sezen funky at ...8796...
Thu Jun 19 15:09:06 EDT 2003


pardon me, i'd rather to say "anybody" instead of "everybody" in my
question:)

for multi interface support there's a libpcap patch which accept "any"
as interface, so i think it does need a synchronized process, no?

For mysql queries, i think it must wait the queries to finish to
continue sniffing, so it can also need a synchronization, but as you
said, version 2.0 works only with one process, but i remember i saw
Snort working with more than one thread in a version below 2, not clear
which...

I'm curious if it would be more effective running Snort as
multi-threaded...

On Thu, 2003-06-19 at 02:58, Matt Kettler wrote:
> At 01:45 AM 6/19/2003 +0300, Derya Sezen wrote:
> 
> >Everybody knows why Snort executes with more than one
> >processes(threads), what are their functions one by one!?
> >
> >thanx
> 
> 
> My advice can be summed up in three words.. "read the source"...
> 
> I can't see why you'd need to know this unless you were already working 
> with the source code anyway.
> 
> might I suggest grepping the code for "pthread" as a starting point?
> 
> I *think* that OLD snort used to do one thread per interface, and that the 
> mysql code also cranks off threads, but current snort 2.0.0 only seems to 
> do one thread plus mysql stuff... however I could be wrong, so if you 
> really need to know the exact number of threads and why they are there, 
> read the source code.
> 
> My copy of snort 2.0.0 only appears to have one thread, and it does not use 
> sql logging.
> 
> 
> 
> -------------------------------------------------------
> This SF.Net email is sponsored by: INetU
> Attention Web Developers & Consultants: Become An INetU Hosting Partner.
> Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
> INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- 
Derya Sezen
funky at ...8796...

"The software said it requires Windows or better, so I installed
Linux..."





More information about the Snort-users mailing list