Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort hardware issues

From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 13 Jun 2001 13:26:17 -0700 (PDT)
On Wed, 13 Jun 2001, Sheahan, Paul (PCLN-NW) wrote:


I have a couple of technical hardware questions related to Snort that I was
hoping someone could answer?


Somewhat...


1. I am running a Snort server on a Compaq DL360 running Red Hat Linux 7.0.
The DL360 has 2 CPU's which don't seem to be getting utilized by Snort. Does
Snort support using 2 CPU's? When I use the TOP command, it shows one CPU as
pegged at 99.8% utilitzation, then the 99.8% jumps over to the 2nd CPU and
the first CPU becomes idle. The utilization pegs on both CPUs back and
forth. Is this normal? Can this be throttled somehow so I can get in and
manage the box easier without it being so sluggish?


Since I'm not really Linux savvy, check and see if it supports something like
binding a process to a processor.  Solaris has the pbind command that does
this.  From what my Linux geek friends have said Linux claims to do SMP, but
not very well.

[...snip...]

Maintenance Commands                                    pbind(1M)

NAME
     pbind - control and query bindings of processes  to  proces-
     sors

[...snip...]

Of course you could ditch that Linux distro and put Solaris x86 on there...
:)


2. Also I have 2 NICs in the box, one is used for gathering the data (it is
on a spanned port on a switch) and the other NIC I use for management. Every
time I try and log in, the server does NOT respond. If I do a traceroute on
both interfaces they don't respond for maybe 10 or 20 traces, then they pop
up. Then I QUICKLY open an ssh session and I'm in from there. If I do an
IFCONFIG, the 2nd NIC I plan to use for management shows NO activity, though
it is active and I can log in through it. Something definitely wrong here. I
wonder if the pegged CPU utilitization has something to do with the lack of
response? I can't think of a reason why the 2nd NIC would have no activity
though.


It almost sounds like you are having some sort of hardware error with one of
the cards.  Try checking all the logs for errors.  If you're bored, yank out
one nic and see how the machine behaves.

Sorry I can't be of more help.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: