[Snort-users] RE : overloaded system after upgrading
yasayag at ...11827...
Tue Dec 13 05:20:07 EST 2011
thanks for responding.
I walked step by step matching the old config file to the new snort
version (running the snort after every step).
As soon as I changed the links of the dynamicpreprocessor and dynamicengine
-- old config --
--new config --
the machine goes wild; the memory and the cpu went high and a lot of
packet were dropped.
Nothing else were changed or added.
I haven't been dealing with the daq yet! could it have something to do
On 12/12/2011 04:56 PM, rmkml at ...1855... wrote:
> Hi Yossi,
> Maybe upgrade loss parameters like bpf filters ?
> Could you send previous and new snort configs ?
> Could you start old and new with verbose mode please ?
> a e'crit :
> Hi again
> after having no response I thought that the following describe will
> help getting more information...
> The preprocessors which I use are: frag3, stream5, prefmonitor,
> http_inspact, ssl
> The memcap from frag3 and streem5 were reduced to less then 10% from
> the value which worked fine in the last version. AND a lot of packets
> are still been dropped. The cpu works on 100%.
> I'd glad to have some help bringing my system back to the optimal
> -------- Original Message --------
> Subject: overloaded system after upgrading
> Date: Mon, 12 Dec 2011 12:03:33 +0200
> From: Yossi Asayag <yasayag at ...11827...>
> To: snort-users at lists.sourceforge.net
> Hallo there,
> after upgrading my snort version into the new version 2.9.1. the machine
> is overloaded and drop a lot of entities even though I´v matched the new
> config file (inserted the values from the recent config file - which
> worked perfectly). Have someone an idea what could be the reason and how
> can I bring my system back to the optimal performance?
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users