[Snort-users] (no subject)
peter.bates at ...15381...
Thu Jun 21 14:14:30 EDT 2012
-----BEGIN PGP SIGNED MESSAGE-----
On 21/06/2012 17:49, Kungu Panda wrote:
> Not sure why anyone would need multiple instances of snort to
> achieve the same result. In fact, it would seem to be wildly
> inefficient to run multiple instances of snort to inspect the same
> traffic. Of course, you may have systems and cpu's to burn.
Oh, I'd agree 100% - but I have more than a Gig of traffic to inspect
on a 10G link and I'm needing a bit more horsepower.
I guess I should have said I'm mostly following:
The NIC has 8 RX queues which PF_RING hashes to 8 CPU cores
- - as a result you have to run x instances of Snort.
Senior Computer Security Officer Phone: +44(0)2076792049
Information Services Division Internal Ext: 32049
University College London
London WC1E 6BT
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----
More information about the Snort-users