[Snort-users] RE : overloaded system after upgrading

Yossi Asayag yasayag at ...11827...
Tue Dec 13 05:20:07 EST 2011


  Hi Rmkml,

thanks for responding.
I walked step by step matching the old config file to the new snort 
version (running the snort after every step).
As soon as I changed the links of the dynamicpreprocessor and dynamicengine

-- old config --
dynamicpreprocessor file 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so

--new config --
dynamicpreprocessor file 
/usr/local/snort_2.9.1.2/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
dynamicengine 
/usr/local/snort_2.9.1.2/lib/snort/dynamicengine/libsf_engine.so

the machine goes wild; the memory and the cpu went high and a lot of 
packet were dropped.

Nothing else were changed or added.

I haven't been dealing with the daq yet! could it have something to do 
with it?!

tnx


yossi




On 12/12/2011 04:56 PM, rmkml at ...1855... wrote:
> Hi Yossi,
> Maybe upgrade loss parameters like bpf filters ?
> Could you send previous and new snort configs ?
> Could you start old and new with verbose mode please ?
> Regards
> Rmkml
>
>
>
> a e'crit :
>
>      Hi again
>
> after having no response I thought that the following describe will 
> help getting more information...
> The preprocessors which I use are: frag3, stream5, prefmonitor, 
> http_inspact, ssl
>
> The memcap from frag3 and streem5 were reduced to less then 10% from 
> the value which worked fine in the last version. AND a lot of packets 
> are still been dropped. The cpu works on 100%.
>
> I'd glad to have some help bringing my system back to the optimal 
> performance.
>
> tnx
>
> yossi
>
>
>
>
> -------- Original Message --------
> Subject: 	overloaded system after upgrading
> Date: 	Mon, 12 Dec 2011 12:03:33 +0200
> From: 	Yossi Asayag <yasayag at ...11827...>
> To: 	snort-users at lists.sourceforge.net
>
>
>
> Hallo there,
>
> after upgrading my snort version into the new version 2.9.1. the machine
> is overloaded and drop a lot of entities even though I´v matched the new
> config file (inserted the values from the recent config file - which
> worked perfectly). Have someone an idea what could be the reason and how
> can I bring my system back to the optimal performance?
>
> Thanks
>
> Yoas
>
>


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20111213/ae12bb00/attachment.html>


More information about the Snort-users mailing list