[Snort-users] Snort Process Forking

Joel Esler jesler at ...1935...
Tue Sep 11 15:09:25 EDT 2012


On Sep 11, 2012, at 8:34 AM, "Turnbough, Bradley E." <bturnbough at ...15820....> wrote:

> Is it better to run one Snort process and monitor everything, or should I run XX processes (where XX is the number of cores) and have each process analyze different bits of traffic?

I think the answer is "Can one Snort process handle all the traffic I'm throwing at it?"

If not, then yes, PF_RING is your answer as far as that is concerned.
--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120911/4b9f34db/attachment.html>


More information about the Snort-users mailing list