Snort mailing list archives
Re: snort processes
From: Derya Sezen <funky () gsu linux org tr>
Date: 20 Jun 2003 01:13:41 +0300
pardon me, i'd rather to say "anybody" instead of "everybody" in my question:) for multi interface support there's a libpcap patch which accept "any" as interface, so i think it does need a synchronized process, no? For mysql queries, i think it must wait the queries to finish to continue sniffing, so it can also need a synchronization, but as you said, version 2.0 works only with one process, but i remember i saw Snort working with more than one thread in a version below 2, not clear which... I'm curious if it would be more effective running Snort as multi-threaded... On Thu, 2003-06-19 at 02:58, Matt Kettler wrote:
At 01:45 AM 6/19/2003 +0300, Derya Sezen wrote:Everybody knows why Snort executes with more than one processes(threads), what are their functions one by one!? thanxMy advice can be summed up in three words.. "read the source"... I can't see why you'd need to know this unless you were already working with the source code anyway. might I suggest grepping the code for "pthread" as a starting point? I *think* that OLD snort used to do one thread per interface, and that the mysql code also cranks off threads, but current snort 2.0.0 only seems to do one thread plus mysql stuff... however I could be wrong, so if you really need to know the exact number of threads and why they are there, read the source code. My copy of snort 2.0.0 only appears to have one thread, and it does not use sql logging. ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Derya Sezen funky () gsu linux org tr "The software said it requires Windows or better, so I installed Linux..." ------------------------------------------------------- This SF.Net email is sponsored by: INetU Attention Web Developers & Consultants: Become An INetU Hosting Partner. Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission! INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort processes Derya Sezen (Jun 18)
- Re: snort processes Matt Kettler (Jun 18)
- Re: snort processes Derya Sezen (Jun 19)
- Re: snort processes Erek Adams (Jun 19)
- <Possible follow-ups>
- RE: snort processes Esler, Joel Contractor (Jun 19)
- Re: snort processes Matt Kettler (Jun 18)