Snort mailing list archives
Re: Multiple Snort Instances - One Interface
From: Jim Hranicky <jfh () ufl edu>
Date: Mon, 1 Nov 2010 11:52:26 -0400
On Fri, 29 Oct 2010 13:40:08 -0500 Will Metcalf <william.metcalf () gmail com> wrote:
You will then have traffic load balanced across multiple snort processes based on flow. Enjoy drinking from the ids firehose ;-)... Also, you could also always checkout other err ummm open source IDS projects that support this functionality natively ;-)
Damn:
--- /tmp/snort1.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2608501
Analyzed: 2608501 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
--- /tmp/snort2.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2988261
Analyzed: 2988261 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
--- /tmp/snort3.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2417539
Analyzed: 2417539 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
--- /tmp/snort4.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2382326
Analyzed: 2382326 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
--- /tmp/snort5.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2427689
Analyzed: 2427689 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
--- /tmp/snort6.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2577258
Analyzed: 2577258 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
--- /tmp/snort7.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2406892
Analyzed: 2406892 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
--- /tmp/snort8.out ---
*** Caught Usr-Signal
Packet I/O Totals:
Received: 2528434
Analyzed: 2528434 (100.000%)
Dropped: 0 ( 0.000%)
Filtered: 0 ( 0.000%)
Outstanding: 0 ( 0.000%)
Injected: 0
That was 5 minutes ago...I'm now up to ~7M Received/Analyzed per process
without a drop on any.
Wow.
--
Jim Hranicky
IT Security Engineer
Office of Information Security and Compliance
University of Florida
------------------------------------------------------------------------------
Nokia and AT&T present the 2010 Calling All Innovators-North America contest
Create new apps & games for the Nokia N8 for consumers in U.S. and Canada
$10 million total in prizes - $4M cash, 500 devices, nearly $6M in marketing
Develop with Nokia Qt SDK, Web Runtime, or Java and Publish to Ovi Store
http://p.sf.net/sfu/nokia-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Multiple Snort Instances - One Interface James Thornton (Oct 29)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
- Re: Multiple Snort Instances - One Interface James Thornton (Oct 29)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)
- Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)
- Re: Multiple Snort Instances - One Interface Jim Hranicky (Nov 01)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Nov 01)
- Re: Multiple Snort Instances - One Interface James Thornton (Oct 29)
- Re: Multiple Snort Instances - One Interface Will Metcalf (Oct 29)