Snort mailing list archives

Myricom cards and multiple instances of Snort - how-to?


From: Glenn Forbes Fleming Larratt <gl89 () cornell edu>
Date: Thu, 3 Sep 2015 12:01:06 -0400 (EDT)

Folks,

We have a set of listener hosts with Myricom cards and their Sniffer-10G 
driver.

In order to handle the quantity of traffic coming through, I need to 
compile/configure/fold/spindle Snort into running multiple instances in 
parallel per machine, and I'm not really getting how to do it. I've 
compiled Snort 2.9.7.0 thus:

   ./configure \
     --with-libpcap-includes=/opt/snf \
     --with-libpcap-libraries=/opt/snf \
     --with-daq-includes=/usr/local/include \
     --with-daq-libraries=/usr/local/lib
   make
   make install

, but I suspect that I need to include PF_RING somehow, and can't figure 
out the interplay between Snort, PF_RING, and the Sniffer-10G driver.

Would anyone out there with a similar deployment have any insights they 
could share?

Thanks,
-- 
Glenn Forbes Fleming Larratt
Cornell University IT Security Office
