[Snort-users] Snort spikes to 100% CPU followed by network latency

Cody Brugh cbrugh at ...11827...
Thu May 22 20:13:37 EDT 2014


We have been running snort in-line for over a year now with no issues in
terms of latency or CPU usage.  Recently (over the past month) snort will
all of the sudden spike CPU usage up to 100% and network latency becomes
real bad, 1000+ms.

I am really not sure where to start on figuring out what is causing this.
I am starting snort so it prints the alerts/drops on the console and don't
see any specific rule that would be causing this.

Any advise on this issue?

Snort OS: CentOS, 64-bit

  o"  )~   Version GRE (Build 56)
   ''''    By Martin Roesch & The Snort Team:
           Copyright (C) 2014 Cisco and/or its affiliates. All rights
           Copyright (C) 1998-2013 Sourcefire, Inc., et al.
           Using libpcap version 1.0.0
           Using PCRE version: 7.8 2008-09-05
           Using ZLIB version: 1.2.3

DAQ version: 2.0.2

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20140522/29e0be7a/attachment.html>

More information about the Snort-users mailing list