Re: AANVAL or MYSQL question

[Y M <snort () outlook com>]

> Snort packet processing is still single thread, but it also has other threads such as reload thread, control socket 
> thread etc. The reload thread should be idle majority of the time.  If >you suspected it is restarting, you will not 
> see any message like “snort reloaded…”. You will see “snort initializing “ or “restart” in the messages.
Thanks Hui. That pretty much explains it. Is there a way to tell which thread belongs to which Snort thread? 
YM

From: huica () cisco com
To: snort () outlook com; wkitty42 () windstream net; sgierczak () presencehealth org
CC: snort-users () lists sourceforge net
Subject: Re: [Snort-users] AANVAL or MYSQL question
Date: Wed, 23 Apr 2014 22:03:07 +0000






Snort packet processing is still single thread, but it also has other threads such as reload thread, control socket 
thread etc. The reload thread should be idle majority of the time.  If you suspected it is restarting, you will not see 
any message like
 “snort reloaded…”. You will see “snort initializing “ or “restart” in the messages.



Best,
Hui.





From: Y M <snort () outlook com>

Date: Wednesday, April 23, 2014 at 5:19 PM

To: waldo kitty <wkitty42 () windstream net>, "Gierczak, Stan" <sgierczak () presencehealth org>

Cc: snort-users <snort-users () lists sourceforge net>

Subject: Re: [Snort-users] AANVAL or MYSQL question







> @YM: maybe these are two threads of the same process? i see similar on my own 

> systems... three of them if i compile with the reload capability...



Isn't Snort single-threaded? I wouldn't imagine it will be creating another "thread" other than its own. On systems i 
look for there is only one process on every system I checked. May be OS specific? not likely?



I forgot to mentions that my systems are also compiled with reload. Which brings the question of if the Snort has been 
reloaded (not restarted) on these systems or these processes are showing up after a clean reboot?



YM




From: snort () outlook com

To: wkitty42 () windstream net; 
sgierczak () presencehealth org

Date: Wed, 23 Apr 2014 21:13:32 +0000

CC: snort-users () lists sourceforge net

Subject: Re: [Snort-users] AANVAL or MYSQL question




> @YM: maybe these are two threads of the same process? i see similar on my own 

> systems... three of them if i compile with the reload capability...



Isn't Snort single-threaded? I wouldn't imagine it will be creating another "thread" other than its own. On systems i 
look for there is only one process on every system I checked. May be OS specific? not likely?



YM



> Date: Wed, 23 Apr 2014 13:49:37 -0400

> From: wkitty42 () windstream net

> To: SGierczak () presencehealth org;
snort () outlook com; 
snort-users () lists sourceforge net

> Subject: Re: [Snort-users] AANVAL or MYSQL question

>

> On 4/22/2014 1:09 PM, Gierczak, Stan wrote:

> [...]

> > snort 1321 82.3 12.3 633956 501136 ? Rsl Apr21 1393:18

> > /usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c

> > /etc/snort/snort.conf -l /var/log/snort/eth0

> >

> > snort 3514 66.1 7.6 633684 308620 ? Rsl 12:01 4:34 /usr/sbin/snort

> > -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l

> > /var/log/snort/eth0

>

> @YM: maybe these are two threads of the same process? i see similar on my own 

> systems... three of them if i compile with the reload capability...

>

> -- 

> NOTE: No off-list assistance is given without prior approval.

> Please keep mailing list traffic on the list unless

> private contact is specifically requested and granted.






------------------------------------------------------------------------------ Start Your Social Network Today - 
Download eXo Platform Build your Enterprise Intranet with eXo Platform Software Java Based Open Source Intranet - 
Social, Extensible, Cloud Ready
 Get Started Now And Turn Your Intranet Into A Collaboration Platform 
http://p.sf.net/sfu/ExoPlatform

_______________________________________________ Snort-users mailing list 
Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit
http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Start Your Social Network Today - Download eXo Platform
Build your Enterprise Intranet with eXo Platform Software
Java Based Open Source Intranet - Social, Extensible, Cloud Ready
Get Started Now And Turn Your Intranet Into A Collaboration Platform
http://p.sf.net/sfu/ExoPlatform

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!