[Snort-users] Myricom cards and multiple instances of Snort - how-to?

Glenn Forbes Fleming Larratt gl89 at ...1712...
Thu Sep 3 12:01:06 EDT 2015


Folks,

We have a set of listener hosts with Myricom cards and their Sniffer-10G 
driver.

In order to handle the quantity of traffic coming through, I need to 
compile/configure/fold/spindle Snort into running multiple instances in 
parallel per machine, and I'm not really getting how to do it. I've 
compiled Snort 2.9.7.0 thus:

   ./configure \
     --with-libpcap-includes=/opt/snf \
     --with-libpcap-libraries=/opt/snf \
     --with-daq-includes=/usr/local/include \
     --with-daq-libraries=/usr/local/lib
   make
   make install

, but I suspect that I need to include PF_RING somehow, and can't figure 
out the interplay between Snort, PF_RING, and the Sniffer-10G driver.

Would anyone out there with a similar deployment have any insights they 
could share?

Thanks,
-- 
Glenn Forbes Fleming Larratt
Cornell University IT Security Office



