[Snort-users] Multi-process Snort

Joel Esler jesler at ...1935...
Thu Aug 16 18:51:06 EDT 2012

On 14 Aug 2012, at 11:28, Marcos Rodriguez wrote:

> On Tue, Aug 14, 2012 at 11:19 AM, Pratik Narang
> <pratik.cse.bits at ...11827...> wrote:
>> Could the Sourcefire guys or experienced users throw some light on
>> scaling on Snort at high bandwidths (order of GBps) by using a
>> multi-core system (4/8/16 cores) and running Snort as a multi-process?
>> Maybe someone could direct me to research papers or white papers...
> Hi Pratik,
> I would suggest Martin Holste's blog as a starting point:
> http://ossectools.blogspot.com/2011/07/running-load-balanced-snort-in-pfring.html
> It's a nice write-up and you can start experimenting quickly. Hope this
> helps!
> marcos

To be clear, it's multi-process Snort with load balanced traffic.  That 
being said, we're getting over 80 Gig a second with this in our 
commercial devices.

It's the same Snort though.

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
