Snort mailing list archives
Re: Multiple Snort Instances - One Interface
From: Jim Hranicky <jfh () ufl edu>
Date: Mon, 1 Nov 2010 11:52:26 -0400
On Fri, 29 Oct 2010 13:40:08 -0500 Will Metcalf <william.metcalf () gmail com> wrote:
You will then have traffic load balanced across multiple snort processes based on flow. Enjoy drinking from the ids firehose ;-)... Also, you could also always checkout other err ummm open source IDS projects that support this functionality natively ;-)
Damn: --- /tmp/snort1.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2608501 Analyzed: 2608501 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 --- /tmp/snort2.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2988261 Analyzed: 2988261 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 --- /tmp/snort3.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2417539 Analyzed: 2417539 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 --- /tmp/snort4.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2382326 Analyzed: 2382326 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 --- /tmp/snort5.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2427689 Analyzed: 2427689 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 --- /tmp/snort6.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2577258 Analyzed: 2577258 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 --- /tmp/snort7.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2406892 Analyzed: 2406892 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 --- /tmp/snort8.out --- *** Caught Usr-Signal Packet I/O Totals: Received: 2528434 Analyzed: 2528434 (100.000%) Dropped: 0 ( 0.000%) Filtered: 0 ( 0.000%) Outstanding: 0 ( 0.000%) Injected: 0 That was 5 minutes ago...I'm now up to ~7M Received/Analyzed per process without a drop on any. Wow. -- Jim Hranicky IT Security Engineer Office of Information Security and Compliance University of Florida ------------------------------------------------------------------------------ Nokia and AT&T present the 2010 Calling All Innovators-North America contest Create new apps & games for the Nokia N8 for consumers in U.S. and Canada $10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store http://p.sf.net/sfu/nokia-dev2dev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple Snort Instances - One Interface James Thornton (Oct 29)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
- Re: Multiple Snort Instances - One Interface James Thornton (Oct 29)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
- Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)
- Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Nov 01)
- Re: Multiple Snort Instances - One Interface James Thornton (Oct 29)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)