[Snort-users] snort 99%cpu..not hanging

Jonathan rakocy at ...4983...
Sun Jun 30 08:06:03 EDT 2002


Hello,

After long hours of configuring BSD and psql, everything seems to be going
well.  Wrong: I check top and this is what I see:
  PID USERNAME PRI NICE  SIZE   RES STATE WAIT     TIME    CPU COMMAND
 7433 root      64    0 1608K 2516K run   -        8:23 99.56% snort

Ouch! I can't figure it out.  Snort is logging fine as far as I can
tell. Tailing the alert file produces expected output.  The db dumps lots
of rows.  Then I looked at other options for output and saw that the
kernel was dropping about 70% of packets. 
 
var HOME_NET is set to any.  I've seen some discussion about
explicitly specifying these.  I tried doing this like so:
xyz.abc.0.0/16.  No change.

Anyone have any suggestions?

Kind regards,

~Jonathan

CSL 





