[Snort-users] pcre high cpu usage
tomas.heredia at ...12297...
Tue Oct 19 10:00:15 EDT 2010
El 19/10/2010 10:50 a.m., Alex Kirk escribió:
> BTW: most offending rules (with like 10000 ticks avg!!) were 4676
> and 4677, related to Oracle Enterprise Manager. They had the
> destination restricted to the only OEM in the net, but that was
> enough to cause that delays... May be it's time to think in PCRE
> ofloading! :-)
> Best regards,
> What revisions of those rules are you running? We had revs out briefly
> that were severely problematic, and we updated them as soon as we
> realized. I want to make sure the current versions of those two aren't
> causing problems.
both rev 5, updated on oct 12
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users