[Snort-users] Snort 2.6.1 Stops Logging
efeldhusen.lists at ...11827...
Wed Nov 22 09:18:47 EST 2006
> I've got a RHEL4u4 server with dual xeons with hyperthreading on, with
> snort-2.6.1 with mysql logging only and using Base 1.2.7 , and I've seen
> similar problems, the snortd process will run for about 20-120 minutes
> at a using 5-8% of the cpu, and then I'll check back later in the day
> and snortd process load is at 100%. I've been shutting of more and more
> included rule sets to see if it's a particular rule causing the problem.
> I'll have to try and see if I shut off all rules if it happens.
I've disabled all include rulesets in my /etc/snort/snort.conf on my snort
box this morning and restarted the snortd service. Approximately 90 minutes
later, the snortd process was at 100% cpu and not responsive.
Is there any type of logging I can do to help with diagnosing this problem?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users