v8.1: how can I have snort only run one instance instead of the 4 it's trying to run now? I don't want snort to be throwing my CPU into the ionosphere.. :)
FWIW, I did some tests on my Atom n270 (1 core with HT) @ home with iperf; running snort with 1 or 2 threads made no difference; I tried running iperf from multiple client PCs (against 1 server) as well. I'm guessing HyperThreading doesn't help snort.
If one had multiple CPU cores with HT, would there be a way to pin snort to physical CPUs only? e.g. if you have 2 cores each with HT, resulting in 4 'cpus', could you set snort to 2 threads and get it to run on each core?
Also, I found afcd to be almost as much of a bottleneck as snort; perhaps it could use some tuning too?
Performance results (tested 7.509 with iperf from VLAN LAN to VLAN DMZ, on a NetGear GS108T gigE 'smart' switch, eth1 locked at 1000Full):
440mbps PacketFilter only
92mbps afcd (flow classifier) IM and/or P2P (performance is the same with 1 or both enabled)
65mbps snort (5386 IPS rules Active) (same with 1 or 2 threads)
53mbps snort + afcd