[Snort-users] NFS file copy vs. snort ???
security at ...5028...
Sun Sep 5 21:53:01 EDT 2004
Michael D Schleif wrote:
> * Jason <security at ...5028...> [2004:09:05:16:01:51-0400] scribed:
>>Michael D Schleif wrote:
>>>What is going on with this?
>>>How can I configure snort to *not* interfere with NFS?
>>>What do you think?
>>I doubt Snort is interfering directly with your copy but instead you are
>>using under powered hardware for the task of serving NFS and running
> Please, expand. What constitutes ``under powered hardware'' in this
> context? See below.
This really depends on what you are trying to do, I still doubt it is
Kindly provide stats, what are you using, sun, intel, processors,
memory... otherwise we are just talking and can't really get anywhere.
>>It sounds like Snort is using all CPU so your NFS copies are
> No, it is *not* ``using all CPU''. Load is typically between 1 and 2;
> snort is typically using 2030% CPU; and other processes behave
Is typically when copying files or in a steady state? At 20-30% typical
utilization that meant you have 2 processes using more, sounds close to
full utilization to me, snort is just putting you over the edge.
This is basic system tuning stuff really. You said Snort is in the first
2 or 3 entries in the output from top. What is 1 and 2? What is the
actual processor free time and memory available? How many context
switches are happening, who is causing them? How much io is happening,
how much time is spent waiting on IO? how many files are in the
directories you are copying?
>>try tuning snort.
> Actually, that is one of the things I was asking `how to do' when I
> How can I configure snort to *not* interfere with NFS?
You have many options. You can turn it off, tune it, tune the host
system, or get more capable hardware. For help tuning Snort there is a
really good book available as well as the wealth of information at
snort.org I am not sure this will solve your problem but it might help
alleviate some of the symptoms.
and of course
> Please, expand with something specific.
More information about the Snort-users