Snort mailing list archives
Re: NFS file copy vs. snort ???
From: Jason <security () brvenik com>
Date: Mon, 06 Sep 2004 00:52:39 -0400
Michael D Schleif wrote:
* Jason <security () brvenik com> [2004:09:05:16:01:51-0400] scribed:Michael D Schleif wrote:
[...]
What is going on with this? How can I configure snort to *not* interfere with NFS? What do you think?I doubt Snort is interfering directly with your copy but instead you are using under powered hardware for the task of serving NFS and running snort.Please, expand. What constitutes ``under powered hardware'' in this context? See below.
This really depends on what you are trying to do, I still doubt it is Snort directly.
Kindly provide stats, what are you using, sun, intel, processors, memory... otherwise we are just talking and can't really get anywhere.
It sounds like Snort is using all CPU so your NFS copies are slow...No, it is *not* ``using all CPU''. Load is typically between 1 and 2; snort is typically using 2030% CPU; and other processes behave un-impaired.
Is typically when copying files or in a steady state? At 20-30% typical utilization that meant you have 2 processes using more, sounds close to full utilization to me, snort is just putting you over the edge.
This is basic system tuning stuff really. You said Snort is in the first 2 or 3 entries in the output from top. What is 1 and 2? What is the actual processor free time and memory available? How many context switches are happening, who is causing them? How much io is happening, how much time is spent waiting on IO? how many files are in the directories you are copying?
try tuning snort.Actually, that is one of the things I was asking `how to do' when I asked: How can I configure snort to *not* interfere with NFS?
You have many options. You can turn it off, tune it, tune the host system, or get more capable hardware. For help tuning Snort there is a really good book available as well as the wealth of information at snort.org I am not sure this will solve your problem but it might help alleviate some of the symptoms.
http://tinyurl.com/3p7mb or http://www.amazon.com/exec/obidos/tg/detail/-/1931836043/qid=1094446050/sr=8-1/ref=pd_ka_1/104-7450773-4086337?v=glance&s=books&n=507846 and of course http://www.snort.org
Please, expand with something specific.
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=5047&alloc_id=10808&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- NFS file copy vs. snort ??? Michael D Schleif (Sep 05)
- Re: NFS file copy vs. snort ??? Jason (Sep 05)
- Re: NFS file copy vs. snort ??? Jose Maria Lopez (Sep 05)
- Re: NFS file copy vs. snort ??? Michael D Schleif (Sep 05)
- Re: NFS file copy vs. snort ??? Jose Maria Lopez (Sep 14)
- Re: NFS file copy vs. snort ??? Jose Maria Lopez (Sep 05)
- Re: NFS file copy vs. snort ??? Michael D Schleif (Sep 05)
- Re: NFS file copy vs. snort ??? Michael D Schleif (Sep 05)
- Re: NFS file copy vs. snort ??? Jason (Sep 05)
- Re: NFS file copy vs. snort ??? Michael D Schleif (Sep 05)
- Re: NFS file copy vs. snort ??? Jason (Sep 06)
- Re: NFS file copy vs. snort ??? Michael D Schleif (Sep 06)
- Re: NFS file copy vs. snort ??? Omar McKenzie (Sep 06)
- Re: NFS file copy vs. snort ??? Michael D Schleif (Sep 06)
- Re: NFS file copy vs. snort ??? Jason (Sep 06)
- Re: NFS file copy vs. snort ??? Michael D Schleif (Sep 06)
- Re: NFS file copy vs. snort ??? Jason (Sep 06)
- RE: NFS file copy vs. snort ??? the measly one (Sep 07)
- Re: NFS file copy vs. snort ??? Jason (Sep 05)