[Snort-users] snort processes
funky at ...8796...
Thu Jun 19 15:09:06 EDT 2003
pardon me, i'd rather to say "anybody" instead of "everybody" in my
for multi interface support there's a libpcap patch which accept "any"
as interface, so i think it does need a synchronized process, no?
For mysql queries, i think it must wait the queries to finish to
continue sniffing, so it can also need a synchronization, but as you
said, version 2.0 works only with one process, but i remember i saw
Snort working with more than one thread in a version below 2, not clear
I'm curious if it would be more effective running Snort as
On Thu, 2003-06-19 at 02:58, Matt Kettler wrote:
> At 01:45 AM 6/19/2003 +0300, Derya Sezen wrote:
> >Everybody knows why Snort executes with more than one
> >processes(threads), what are their functions one by one!?
> My advice can be summed up in three words.. "read the source"...
> I can't see why you'd need to know this unless you were already working
> with the source code anyway.
> might I suggest grepping the code for "pthread" as a starting point?
> I *think* that OLD snort used to do one thread per interface, and that the
> mysql code also cranks off threads, but current snort 2.0.0 only seems to
> do one thread plus mysql stuff... however I could be wrong, so if you
> really need to know the exact number of threads and why they are there,
> read the source code.
> My copy of snort 2.0.0 only appears to have one thread, and it does not use
> sql logging.
> This SF.Net email is sponsored by: INetU
> Attention Web Developers & Consultants: Become An INetU Hosting Partner.
> Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
> INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
funky at ...8796...
"The software said it requires Windows or better, so I installed
More information about the Snort-users