NSM: add ability to pin snort via IDS_LB_CPUS #1729
The following package is now available at
Please test/verify as follows:
Inspired by the comments from Security-Onion-Solutions/securityonion-nsmnow-admin-scripts#28:
After the updated package is installed, you can pin snort processes to specific CPUs by adding a line to the
and then (re)starting the Snort process(es) using
In the example above, the first four snort processes would be pinned to the first four odd-numbered CPU cores. It validates the input as a number before using it, so if there are more than the specified number (e.g. 5), any processes without a CPU listed would have the default CPU affinity.
To test, you can move all processes to a specific set of CPUs using systemd's CPUAffinity setting in
Everything tested good. I used the following command to check the CPU affinity: `taskset -cp PID`. It gave me the numerical list of processors instead of a bitmask. Just a little easier to read the results.
The settings persisted through a reboot.
Ran so-test - IDS alerts were generated with no errors in logs or dropped packets.
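An added example (not part of the original issue or of the Security Onion scripts): a shell check that compares `taskset -cp` output for each snort instance with the configured list, following the behaviour described in the issue (an entry that is missing or not a number leaves that instance on the default affinity). It assumes `IDS_LB_CPUS` holds a comma-separated list such as `1,3,5,7`; the function names, PIDs and sample output are constructed.

```sh
#!/bin/sh
# Assumption: IDS_LB_CPUS is a comma-separated list of CPU numbers, e.g. 1,3,5,7.

# Print the CPU expected for the Nth (1-based) snort instance, or nothing when
# the list has no valid number in that position (instance keeps default affinity).
expected_cpu() {
    cpu=$(printf '%s\n' "$1" | awk -F, -v n="$2" '{ print $n }')
    case $cpu in
        ''|*[!0-9]*) return 0 ;;   # missing or not a number: do not pin
    esac
    printf '%s\n' "$cpu"
}

# Extract the affinity list from one line of `taskset -cp PID` output,
# e.g. "pid 2211's current affinity list: 1" -> "1".
affinity_from_taskset() {
    printf '%s\n' "$1" | sed -n "s/^pid [0-9]*'s current affinity list: //p"
}

# Read taskset lines on stdin (one per snort instance, in instance order),
# print a verdict per instance, return non-zero if a pinned instance is off-CPU.
check_pinning() {
    list=$1 n=0 rc=0
    while IFS= read -r line; do
        n=$((n + 1))
        want=$(expected_cpu "$list" "$n")
        have=$(affinity_from_taskset "$line")
        if [ -z "$want" ]; then
            echo "instance $n: default affinity ($have)"
        elif [ "$want" = "$have" ]; then
            echo "instance $n: pinned to CPU $have"
        else
            echo "instance $n: MISMATCH want $want have $have"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: five instances, four CPUs listed (first four odd cores).
sample_taskset_output() {
    cat <<'EOF'
pid 2211's current affinity list: 1
pid 2212's current affinity list: 3
pid 2213's current affinity list: 5
pid 2214's current affinity list: 7
pid 2215's current affinity list: 0-7
EOF
}

sample_taskset_output | check_pinning "1,3,5,7"
```

On a live sensor, replace `sample_taskset_output` with a loop that runs `taskset -cp` over the snort PIDs in instance order.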