[Snort-users] Snort hardware issues

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Wed Jun 13 15:48:06 EDT 2001


I have a couple of technical hardware questions related to Snort that I was
hoping someone could answer?

1. I am running a Snort server on a Compaq DL360 running Red Hat Linux 7.0.
The DL360 has 2 CPU's which don't seem to be getting utilized by Snort. Does
Snort support using 2 CPU's? When I use the TOP command, it shows one CPU as
pegged at 99.8% utilitzation, then the 99.8% jumps over to the 2nd CPU and
the first CPU becomes idle. The utilization pegs on both CPUs back and
forth. Is this normal? Can this be throttled somehow so I can get in and
manage the box easier without it being so sluggish?

2. Also I have 2 NICs in the box, one is used for gathering the data (it is
on a spanned port on a switch) and the other NIC I use for management. Every
time I try and log in, the server does NOT respond. If I do a traceroute on
both interfaces they don't respond for maybe 10 or 20 traces, then they pop
up. Then I QUICKLY open an ssh session and I'm in from there. If I do an
IFCONFIG, the 2nd NIC I plan to use for management shows NO activity, though
it is active and I can log in through it. Something definitely wrong here. I
wonder if the pegged CPU utilitization has something to do with the lack of
response? I can't think of a reason why the 2nd NIC would have no activity
though.

Any technical gurus out there that might have some ideas?

Thanks!
Paul




More information about the Snort-users mailing list