hi Ludovic,

SEC is mono-threaded. Although some parts of the code could be run in parallel, there are many parts in the code which require specific order of execution. Unfortunately, this also applies to rule processing and pattern matching (which usually consume most of the CPU time). Quite often, the user has ordered the rules in some particular way, in order to achieve specific processing effects.

The simplest way to take advantage of multiple processes is to split logically independent rules into several independent rule sets, and run a separate SEC process for each such rule set. Of course, one way would be to introduce specific keywords into rules (e.g., an Options rule with a keyword 'independent'), but I believe that running multiple processes explicitly is a clearer solution.

kind regards,
risto

2011/10/13 Ludovic Hutin <[email protected]>:
> Hi all,
>
> I have a simple question about SEC. I don't find the answer in the
> available documentation.
> Now we have many servers with a lot of processors and cores. Is SEC
> able to take advantage of this number of processors / cores?
> Is SEC mono thread or multi thread?
>
> Best regards,
> Ludovic.
>
> _______________________________________________
> Simple-evcorr-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/simple-evcorr-users
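
The approach suggested in the reply above (one SEC process per independent rule set), sketched as a launcher. This is an added example, not part of the original thread or of the SEC distribution; the directory layout, the `inputs` file and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: one SEC process per independent rule set.
# Assumed (hypothetical) layout: $RULE_ROOT/<set>/*.sec holds the rules of one
# set and $RULE_ROOT/<set>/inputs lists its input files, one path per line.
SEC_BIN=${SEC_BIN:-sec}
RULE_ROOT=${RULE_ROOT:-/etc/sec/rulesets}
RUN_DIR=${RUN_DIR:-/var/run/sec}
LOG_DIR=${LOG_DIR:-/var/log/sec}

# Start (or, with DRY_RUN set, only print) the SEC process for one rule set.
start_rule_set() {
    set_dir=${1%/}
    name=$(basename "$set_dir")
    pid_file="$RUN_DIR/$name.pid"

    # Never run two instances over the same rules: events would be
    # correlated twice and actions would fire twice.
    if [ -f "$pid_file" ] && kill -0 "$(cat "$pid_file")" 2>/dev/null; then
        echo "skip $name: already running" >&2
        return 0
    fi

    # SEC expands the --conf pattern itself, so it is passed unexpanded.
    set -- "--conf=$set_dir/*.sec" "--pid=$pid_file" \
           "--log=$LOG_DIR/$name.log" --detach
    while IFS= read -r input || [ -n "$input" ]; do
        if [ -n "$input" ]; then set -- "$@" "--input=$input"; fi
    done < "$set_dir/inputs"

    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s %s\n' "$SEC_BIN" "$*"
    else
        "$SEC_BIN" "$@"
    fi
}

# Launch every rule set under $RULE_ROOT that declares its inputs.
start_all() {
    for dir in "$RULE_ROOT"/*/; do
        if [ -f "$dir/inputs" ]; then start_rule_set "$dir"; fi
    done
}
```

Calling `start_all` with `DRY_RUN=1` prints the command line for each rule set without starting anything. Rules that share contexts or rely on each other's ordering must stay in the same directory, since separate SEC processes share no state.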
