Re: Snort spikes to 100% CPU followed by network latency

[waldo kitty <wkitty42 () windstream net>]

On 5/28/2014 5:40 PM, Cody Brugh wrote:
> Also note that when we see these CPU/latency spikes we have no alerts or drops
> that would easily tell us what is causing the problem. If it's not a rule what
> should I start turning off to try eliminate possible causes?  It's something
> that doesn't log or anything.

what does your traffic look like on the line when this happens? is there any? 
are the light blinking? are you using some sort of additional packet capturing 
package that you can look at for the periods of high snort CPU usage???

-- 
  NOTE: No off-list assistance is given without prior approval.
        Please *keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Time is money. Stop wasting it! Get your web API in 5 minutes.
www.restlet.com/download
http://p.sf.net/sfu/restlet
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!