[Snort-users] pcre high cpu usage
akirk at ...1935...
Tue Oct 19 09:50:43 EDT 2010
> BTW: most offending rules (with like 10000 ticks avg!!) were 4676 and 4677,
> related to Oracle Enterprise Manager. They had the destination restricted to
> the only OEM in the net, but that was enough to cause that delays... May be
> it's time to think in PCRE ofloading! :-)
> Best regards,
What revisions of those rules are you running? We had revs out briefly that
were severely problematic, and we updated them as soon as we realized. I
want to make sure the current versions of those two aren't causing problems.
AEGIS Program Lead
Sourcefire Vulnerability Research Team
alex.kirk at ...1935...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users