[Snort-users] Multiple Snort Instances - One Interface

Jim Hranicky jfh at ...5250...
Mon Nov 1 11:52:26 EDT 2010


On Fri, 29 Oct 2010 13:40:08 -0500
Will Metcalf <william.metcalf at ...11827...> wrote:

> You will then have traffic load balanced across multiple snort
> processes based on flow. Enjoy drinking from the ids firehose ;-)...
> Also, you could also always checkout other err ummm open source IDS
> projects that support this functionality natively ;-)

Damn: 

--- /tmp/snort1.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2608501
   Analyzed:      2608501 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
--- /tmp/snort2.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2988261
   Analyzed:      2988261 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
--- /tmp/snort3.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2417539
   Analyzed:      2417539 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
--- /tmp/snort4.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2382326
   Analyzed:      2382326 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
--- /tmp/snort5.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2427689
   Analyzed:      2427689 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
--- /tmp/snort6.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2577258
   Analyzed:      2577258 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
--- /tmp/snort7.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2406892
   Analyzed:      2406892 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0
--- /tmp/snort8.out ---
*** Caught Usr-Signal
Packet I/O Totals:
   Received:      2528434
   Analyzed:      2528434 (100.000%)
    Dropped:            0 (  0.000%)
   Filtered:            0 (  0.000%)
Outstanding:            0 (  0.000%)
   Injected:            0

That was 5 minutes ago...I'm now up to ~7M Received/Analyzed per process 
without a drop on any.

Wow. 

-- 
Jim Hranicky
IT Security Engineer
Office of Information Security and Compliance
University of Florida




More information about the Snort-users mailing list