[Snort-users] Issues with snort 2.9.2.1 on FC13 x64

Jahchan, George snort at ...8052...
Thu Mar 8 04:32:15 EST 2012


I have compiled snort 2.9.2.1 from source on FC13 x86_64 with libpcap 1.1.1
and I am experiencing several issues the likes of which I have never seen
before, and I have been running earlier versions of snort for years.

1. High CPU utilization whenever snort generates alerts (between 80 and
100% of a CPU core).

2. The date/time in csv output file is random. All other logging is
disabled except for alerts in syslog which have the correct time stamp.

3. If I enable logging, snort logs to an endless number of 240 MB files
that quickly end up occupying all free space on disk. This is unsustainable
for any length of time, I had to disable all logging to run snort.

Are these particular to my setup? Anyone encountered such anomalous
behavior?

How do I diagnose and resolve these issues?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120308/07228dd5/attachment.html>


More information about the Snort-users mailing list