[Snort-users] pcre high cpu usage

Tomas Heredia tomas.heredia at ...12297...
Tue Oct 19 10:00:15 EDT 2010


 El 19/10/2010 10:50 a.m., Alex Kirk escribió:
>
>     BTW: most offending rules (with like 10000 ticks avg!!) were 4676
>     and 4677, related to Oracle Enterprise Manager. They had the
>     destination restricted to the only OEM in the net, but that was
>     enough to cause that delays... May be it's time to think in PCRE
>     ofloading! :-)
>     Best regards,
>     Tomás
>
>
> What revisions of those rules are you running? We had revs out briefly
> that were severely problematic, and we updated them as soon as we
> realized. I want to make sure the current versions of those two aren't
> causing problems.
both rev 5, updated on oct 12

Regards,
Tomás

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20101019/dc5fb8d1/attachment.html>


More information about the Snort-users mailing list