[Snort-users] Certin ET rulesets and 100 percent usage.

jlay at ...13475... jlay at ...13475...
Thu May 7 12:04:13 EDT 2009


So here's something interesting.  Enabling ANY of the below rulesets
results in snort using 100% CPU:

emerging-botcc.rules
emerging-compromised.rules
emerging-drop.rules
emerging-dshield.rules
emerging-rbn.rules
emerging-tor.rules

Without snort uses around 49%.  Using 2.8.4.1 with about 700K average
traffic.  Any thoughts?  Thanks.

James







More information about the Snort-users mailing list