[Snort-users] Snort running at 99% CPU
cpw at ...440...
Sun Nov 4 19:12:03 EST 2001
I've seen the mysql server fill up a partition.
As a consequence, snort will hang a read, I guess waiting for the result
of some post. When this event happens you can watch snort with something
like strace -p pid. It don't make a move, no how.
On Sun, Nov 04, 2001 at 01:00:08AM -0500, Martin Roesch wrote:
> Ok, if this isn't a FAQ yet it should be. This happens frequently when
> Snort is setup with MySQL support. I'm not 100% sure of the reason why
> still, but there is a correlation between 99% CPU utilization on
> Snort+MySQL and Linux. You might think about trying out barnyard or a
> different database as a solution.
> Blake Frantz wrote:
> > Snort is consuming 99% CPU on a:
> > model name : Pentium III (Coppermine)
> > stepping : 10
> > cpu MHz : 931.013
> > cache size : 256 KB
> > MemTotal: 1157752 kB
> > MemFree: 1039896 kB
> > Version 1.8.1-RELEASE (Build 74)
> > compiled with mysql support.
> > Sniffing a 100mbit wire, no packets dropping.
> > I was running snort in the same place with a celeron and the CPU never
> > reached 99% (that was snort 1.8.0 (?) I think). Same compile options.
> > Any ideas ?
> > -Blake
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Martin Roesch - President, Sourcefire Inc. - (410)552-6999
> roesch at ...1935... - http://www.sourcefire.com
> Snort: Open Source Network IDS - http://www.snort.org
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
Phil Wood, cpw at ...440...
More information about the Snort-users