Re: [Simple-evcorr-users] Questions about thread

Thu, 13 Oct 2011 04:18:52 -0700 

Hi Risto,

     Your solution ton run many sec instance with independ rules should 
be the solution (for me).

     Thanks.

Ludovic.

Le 13/10/2011 12:38, Risto Vaarandi a écrit :
> hi Ludovic,
> SEC is mono-threaded. Although some parts of the code could be run in
> parallel, there are many parts in the code which require specific
> order of execution. Unfortunately, this also applies to rule
> processing and pattern matching (which usually consume most of the CPU
> time). Quite often, the user has ordered the rules in some particular
> way, in order to achieve specific processing effects.
> The simplest way to take advantage of multiple processes is to split
> logically independent rules into several independent rule sets, and
> run a separate SEC process for each such rule set.
> Of course, one way would be to introduce specific keywords into rules
> (e.g., an Options rule with a keyword 'independent'), but I believe
> that running multiple processes explicitly is a clearer solution.
> kind regards,
> risto
>
> 2011/10/13 Ludovic Hutin<ludovic.hu...@ac-nancy-metz.fr>:
>> Hi all,
>>
>>      I have a simple question about SEC. I don't find the answer in the
>> availible documentation.
>>      Now we have many server with a lot of processor and core. Does SEC
>> is able to take advantage of this number of processor / core ?
>>      SEC is mono thread or multi thread ?
>>
>> Best regards,
>> Ludovic.
>>
>> ------------------------------------------------------------------------------
>> All the data continuously generated in your IT infrastructure contains a
>> definitive record of customers, application performance, security
>> threats, fraudulent activity and more. Splunk takes this data and makes
>> sense of it. Business sense. IT sense. Common sense.
>> http://p.sf.net/sfu/splunk-d2d-oct
>> _______________________________________________
>> Simple-evcorr-users mailing list
>> Simple-evcorr-users@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
>>


-- 
- - - - - - - - - - - - - - -
Ludovic Hutin
Pôle Supervision
Académie de Nancy-Metz
03 83 86 27 39


------------------------------------------------------------------------------
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct
_______________________________________________
Simple-evcorr-users mailing list
Simple-evcorr-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users

Reply via email to