[Snort-users] Snort 2.6.1 Stops Logging

Eric Feldhusen efeldhusen.lists at ...11827...
Wed Nov 22 09:18:47 EST 2006


>
> I've got a RHEL4u4 server with dual xeons with hyperthreading on, with
> snort-2.6.1 with mysql logging only and using Base 1.2.7 , and I've seen
> similar problems, the snortd process will run for about 20-120 minutes
> at a using 5-8% of the cpu, and then I'll check back later in the day
> and snortd process load is at 100%.  I've been shutting of more and more
> included rule sets to see if it's a particular rule causing the problem.
>   I'll have to try and see if I shut off all rules if it happens.


I've disabled all include rulesets in my /etc/snort/snort.conf on my snort
box this morning and restarted the snortd service.  Approximately 90 minutes
later, the snortd process was at 100% cpu and not responsive.

Is there any type of logging I can do to help with diagnosing this problem?

Eric Feldhusen
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061122/bb50c1e3/attachment.html>


More information about the Snort-users mailing list