Snort mailing list archives
Re: Snort 2.6.1.3 ignoring stream4
From: Joel Esler <joel.esler () sourcefire com>
Date: Fri, 6 Apr 2007 15:41:14 -0400
Paul, How much RAM and what type of processor do you have on this machine? JOel On Fri, Apr 06, 2007 at 02:23:01PM -0400, it looks like Paul Melson sent me:
Just a question, we'll have to look at this more intensly, but try config detection: search-method ac-bnfaAdam & Joel, I made this change on the affected sensor last night and I am now seeing packet drop% peaks in the 55-60 range, almost double where it was before. Additionally, CPU utilization for that process climbed up to 100% this morning (with the start of business) and hasn't dipped below 90%. It is typically in the 60-80% range during business hours. Previously, there was no uncommented 'config detection' line in the snort.conf file. So I've removed that change and am back to where things were when I first posted. If it matters, the sensor is on RHEL4 on x86 and had very small load on the same hardware with 2.6.0 and prior. Thanks, PaulM ------------------------------------------------------------------------- Take Surveys. Earn Cash. Influence the Future of IT Join SourceForge.net's Techsay panel and you'll get the chance to share your opinions on IT & business topics through brief surveys-and earn cash http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
+---------------------------------------------------------------------+
Joel Esler Security Consultant
gpg key: http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+
-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 05)
- Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Lang, Robert (Apr 05)
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Paul Melson (Apr 05)
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Joel Esler (Apr 05)
- Re: Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Paul Melson (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Adam Keeton (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Joel Esler (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Darryl Taylor (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 07)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 06)
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 16)
- Re: Snort 2.6.1.3 ignoring stream4 Frank Knobbe (Apr 18)
- Re: Snort 2.6.1.3 ignoring stream4 Justin Heath (Apr 18)
- Message not available
- Re: Snort 2.6.1.3 ignoring stream4 Paul Melson (Apr 19)
- Snort 2.6 working with Snortsam, Redhat and a Cisco ASA Lang, Robert (Apr 05)
- Re: Snort 2.6.1.3 ignoring stream4 Nigel Houghton (Apr 19)