Re: RE : overloaded system after upgrading

[Yossi Asayag <yasayag () gmail com>]

 Hi Rmkml,

thanks for responding.
I walked step by step matching the old config file to the new snort 
version (running the snort after every step).
As soon as I changed the links of the dynamicpreprocessor and dynamicengine

-- old config --
dynamicpreprocessor file 
/usr/local/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
dynamicengine /usr/local/lib/snort/dynamicengine/libsf_engine.so

--new config --
dynamicpreprocessor file 
/usr/local/snort_2.9.1.2/lib/snort/dynamicpreprocessor/libsf_ssl_preproc.so
dynamicengine 
/usr/local/snort_2.9.1.2/lib/snort/dynamicengine/libsf_engine.so

the machine goes wild; the memory and the cpu went high and a lot of 
packet were dropped.

Nothing else were changed or added.

I haven't been dealing with the daq yet! could it have something to do 
with it?!

tnx


yossi




On 12/12/2011 04:56 PM, rmkml () yahoo fr wrote:
> Hi Yossi,
> Maybe upgrade loss parameters like bpf filters ?
> Could you send previous and new snort configs ?
> Could you start old and new with verbose mode please ?
> Regards
> Rmkml
>
>
>
> a e'crit :
>
>      Hi again
>
> after having no response I thought that the following describe will 
> help getting more information...
> The preprocessors which I use are: frag3, stream5, prefmonitor, 
> http_inspact, ssl
>
> The memcap from frag3 and streem5 were reduced to less then 10% from 
> the value which worked fine in the last version. AND a lot of packets 
> are still been dropped. The cpu works on 100%.
>
> I'd glad to have some help bringing my system back to the optimal 
> performance.
>
> tnx
>
> yossi
>
>
>
>
> -------- Original Message --------
> Subject:        overloaded system after upgrading
> Date:   Mon, 12 Dec 2011 12:03:33 +0200
> From:   Yossi Asayag <yasayag () gmail com>
> To:     snort-users () lists sourceforge net
>
>
>
> Hallo there,
>
> after upgrading my snort version into the new version 2.9.1. the machine
> is overloaded and drop a lot of entities even though I´v matched the new
> config file (inserted the values from the recent config file - which
> worked perfectly). Have someone an idea what could be the reason and how
> can I bring my system back to the optimal performance?
>
> Thanks
>
> Yoas


------------------------------------------------------------------------------
Systems Optimization Self Assessment
Improve efficiency and utilization of IT resources. Drive out cost and 
improve service delivery. Take 5 minutes to use this Systems Optimization 
Self Assessment. http://www.accelacomm.com/jaw/sdnl/114/51450054/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!