[Snort-users] snort 99%cpu..not hanging
rakocy at ...4983...
Sun Jun 30 08:06:03 EDT 2002
After long hours of configuring BSD and psql, everything seems to be going
good. Wrong, I check top and this is what I see.
PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
7433 root 64 0 1608K 2516K run - 8:23 99.56% snort
Ouch! I can't figure it out. Snort is logging fine as far as I can
tell. Tailing the alert file produces expected output. The db dumps lots
of rows. Then I looked at other options for output and saw that the
kernel was dropping about 70% of packets.
var HOME_NET is set to any. I've seen some discussion about
explicitly specifying these. I tried doing this like so
xyz.abc.0.0/16. No change.
Anyone have any suggestions?
More information about the Snort-users