Snort mailing list archives
Re: Can I 'nice' snort process?
From: Kris Kennaway <kris () obsecurity org>
Date: Thu, 10 Jan 2002 11:28:36 -0800
On Thu, Jan 10, 2002 at 10:03:16AM -0800, Tran, John wrote:
I'm running snort on one of my web servers as a local IDS (don't ask me why, let's just go along w/ it for now..) and it takes up massive amounts of CPU (40%), which can be expected considering it's a large amount of traffic. It was suggested to me to run 'nice' on the process to throttle it's CPU usage, but I'm pretty sure throttling snort will cause it to drop a lot of packets. Is this true?
It's using that amount of CPU because that's the amount of CPU it needs to use to monitor all that traffic. Consider doing things to reduce the snort workload or the impact on the server. Kris
Attachment:
_bin
Description:
Current thread:
- Can I 'nice' snort process? Tran, John (Jan 10)
- Re: Can I 'nice' snort process? Saad Kadhi (Jan 10)
- Re: Can I 'nice' snort process? D.Rajesh Kumar (Jan 10)
- Re: Can I 'nice' snort process? Kris Kennaway (Jan 10)
- Re: Can I 'nice' snort process? Frank (Jan 10)
- <Possible follow-ups>
- RE: Can I 'nice' snort process? Saad Kadhi (Jan 10)
- Re: Can I 'nice' snort process? Saad Kadhi (Jan 10)