Snort mailing list archives
Re: Snort running at 99% CPU
From: Phil Wood <cpw () lanl gov>
Date: Sun, 4 Nov 2001 20:11:28 -0700
I've seen the mysql server fill up a partition. As a consequence, snort will hang a read, I guess waiting for the result of some post. When this event happens you can watch snort with something like strace -p pid. It don't make a move, no how. On Sun, Nov 04, 2001 at 01:00:08AM -0500, Martin Roesch wrote:
Ok, if this isn't a FAQ yet it should be. This happens frequently when Snort is setup with MySQL support. I'm not 100% sure of the reason why still, but there is a correlation between 99% CPU utilization on Snort+MySQL and Linux. You might think about trying out barnyard or a different database as a solution. -Marty Blake Frantz wrote:Snort is consuming 99% CPU on a: model name : Pentium III (Coppermine) stepping : 10 cpu MHz : 931.013 cache size : 256 KB MemTotal: 1157752 kB MemFree: 1039896 kB Version 1.8.1-RELEASE (Build 74) compiled with mysql support. Sniffing a 100mbit wire, no packets dropping. I was running snort in the same place with a celeron and the CPU never reached 99% (that was snort 1.8.0 (?) I think). Same compile options. Any ideas ? -Blake _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort running at 99% CPU Blake Frantz (Nov 03)
- Re: Snort running at 99% CPU Chris Keladis (Nov 03)
- Re: Snort running at 99% CPU Blake Frantz (Nov 03)
- Re: Snort running at 99% CPU Ashley Thomas (Nov 03)
- Re: Snort running at 99% CPU Martin Roesch (Nov 03)
- Re: Snort running at 99% CPU Devdas Bhagat (Nov 03)
- Re: Snort running at 99% CPU Blake Frantz (Nov 04)
- Re: Snort running at 99% CPU Phil Wood (Nov 04)
- Re: Snort running at 99% CPU Martin Roesch (Nov 05)
- Re: Snort running at 99% CPU Devdas Bhagat (Nov 03)
- Re: Snort running at 99% CPU Chris Keladis (Nov 03)