[Snort-users] How to enable multi-thread processing with Snort3?

Li, Ricky ricky.li at ...1966...
Tue Apr 21 11:22:32 EDT 2015


Hi,

I'm trying to run snort3 with multi-thread processing feature, I tried with this command:

$my_path/bin/snort -i eth0 -c $SNORT_LUA_PATH/snort.lua -R $SNORT_LUA_PATH/sample.rules -A alert_fast --max-packet-threads 3

My expectation is that there could be 3 threads processing the packets simultaneously, but the Top monitoring output is like:

[root at ...17144... ~]# top -Hp 746
top - 15:12:43 up 51 min,  3 users,  load average: 0.44, 0.16, 0.23
Threads:   2 total,   1 running,   1 sleeping,   0 stopped,   0 zombie
%Cpu(s): 24.7 us,  0.3 sy,  0.0 ni, 50.7 id,  0.0 wa,  1.4 hi, 23.0 si,  0.0 st
KiB Mem:   4049676 total,   410984 used,  3638692 free,    11520 buffers
KiB Swap:        0 total,        0 used,        0 free,    85064 cached

  PID USER      PR  NI    VIRT    RES    SHR S %CPU %MEM     TIME+ COMMAND
  755 root      20   0  302260 236636   5808 R 97.5  5.8   0:21.69 snort
  746 root      20   0  302260 236636   5808 S  0.7  5.8   0:02.93 snort

Still only one thread busy running for processing the input packets, similar to what the Snort 2.X will do.
Is there any other options I need to specify to enable the multi-thread processing for Snort3? How can I enable it?

Regards,
Ricky


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20150421/2ceb9587/attachment.html>


More information about the Snort-users mailing list