[Snort-users] Snort 220.127.116.11 ignoring stream4
pmelson at ...11827...
Fri Apr 6 14:23:01 EDT 2007
> Just a question, we'll have to look at this more intensly, but try
> config detection: search-method ac-bnfa
Adam & Joel,
I made this change on the affected sensor last night and I am now seeing
packet drop% peaks in the 55-60 range, almost double where it was before.
Additionally, CPU utilization for that process climbed up to 100% this
morning (with the start of business) and hasn't dipped below 90%. It is
typically in the 60-80% range during business hours. Previously, there was
no uncommented 'config detection' line in the snort.conf file.
So I've removed that change and am back to where things were when I first
posted. If it matters, the sensor is on RHEL4 on x86 and had very small
load on the same hardware with 2.6.0 and prior.
More information about the Snort-users