[Snort-users] Snort spikes to 100% CPU followed by network latency

waldo kitty wkitty42 at ...14940...
Wed May 28 22:39:24 EDT 2014

On 5/28/2014 5:40 PM, Cody Brugh wrote:
> Also note that when we see these CPU/latency spikes we have no alerts or drops
> that would easily tell us what is causing the problem. If it's not a rule what
> should I start turning off to try eliminate possible causes?  It's something
> that doesn't log or anything.

what does your traffic look like on the line when this happens? is there any? 
are the light blinking? are you using some sort of additional packet capturing 
package that you can look at for the periods of high snort CPU usage???

  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

More information about the Snort-users mailing list