Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: NFS file copy vs. snort ???

From: Jason <security () brvenik com>
Date: Sun, 05 Sep 2004 16:01:51 -0400
I doubt Snort is interfering directly with your copy but instead you are using under powered hardware for the task of serving NFS and running snort. It sounds like Snort is using all CPU so your NFS copies are slow... try tuning snort. 

Michael D Schleif wrote:


One of my main systems is connected to several NFS v3 servers; and, this
box also runs snort.

Copies, like the following examples, are excruciatingly slo-o-o-o-w-w-w,
especially when the file is large (e.g., 250 MiB.)

        cp -a /remote/tmp/* .
        cp -a * /remote/tmp/

By `slow', I mean in the two-digit kbps ;<

I do not find anything interesting in `vmstat', nor in
/var/log/{kern.log,messages,syslog}, nor is snort logging anything, in
this regard.

My first clue was noticing snort in `top' alternating in the top 2 or 3
positions.  Stopping snort on *both* ends of the connection results in file
transfers that meet my expectations.

What is going on with this?

How can I configure snort to *not* interfere with NFS?

What do you think?





-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: