[Snort-users] Snort hardware issues

agetchel at ...1525... agetchel at ...1525...
Wed Jun 13 16:09:36 EDT 2001


Hi Paul,
	Snort is not multithreaded and will not be multithreaded (according
to the developers), so it _will not_ take advantage of multiple processors.
There is no portable threading library that would allow Snort to be ported
to the numerous OS's it currently runs on, so the decision was made to keep
portability as a trade-off for SMP capabilities.  IMHO, this is a good
thing.
	The load the system is under _could_ have something to do with the
unresponsiveness of the system, but it shouldn't be so loaded that it can't
respond to ICMP traffic.  Something else seems to be the issue here...

Thanks,
Abe

Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice   502-564-2020x225
E-mail  agetchel at ...1525...
Web     http://www.kde.state.ky.us/



> -----Original Message-----
> From: Sheahan, Paul (PCLN-NW) [mailto:Paul.Sheahan at ...2218...]
> Sent: Wednesday, June 13, 2001 3:48 PM
> To: 'Snort-users at lists.sourceforge.net'
> Subject: [Snort-users] Snort hardware issues
> 
> 
> I have a couple of technical hardware questions related to 
> Snort that I was
> hoping someone could answer?
> 
> 1. I am running a Snort server on a Compaq DL360 running Red 
> Hat Linux 7.0.
> The DL360 has 2 CPU's which don't seem to be getting utilized 
> by Snort. Does
> Snort support using 2 CPU's? When I use the TOP command, it 
> shows one CPU as
> pegged at 99.8% utilitzation, then the 99.8% jumps over to 
> the 2nd CPU and
> the first CPU becomes idle. The utilization pegs on both CPUs back and
> forth. Is this normal? Can this be throttled somehow so I can 
> get in and
> manage the box easier without it being so sluggish?
> 
> 2. Also I have 2 NICs in the box, one is used for gathering 
> the data (it is
> on a spanned port on a switch) and the other NIC I use for 
> management. Every
> time I try and log in, the server does NOT respond. If I do a 
> traceroute on
> both interfaces they don't respond for maybe 10 or 20 traces, 
> then they pop
> up. Then I QUICKLY open an ssh session and I'm in from there. 
> If I do an
> IFCONFIG, the 2nd NIC I plan to use for management shows NO 
> activity, though
> it is active and I can log in through it. Something 
> definitely wrong here. I
> wonder if the pegged CPU utilitization has something to do 
> with the lack of
> response? I can't think of a reason why the 2nd NIC would 
> have no activity
> though.
> 
> Any technical gurus out there that might have some ideas?
> 
> Thanks!
> Paul
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 




More information about the Snort-users mailing list