Koozali.org: home of the SME Server

Obsolete Releases => SME 7.x Contribs => Topic started by: Stiven on August 05, 2008, 04:33:32 PM

Title: Problem : CPU usage at 100% because of snort
Post by: Stiven on August 05, 2008, 04:33:32 PM: Hi,

As you can read in the subject the cpu usage of my sme box is around 100% when snort is running.

Is someone can help me please.

Thanx in advance.

FYI : smeserver-snort-2.7.0.1-1 + smeserver-oinkmaster-1.2-2 + smeserver-guardiand-1.7-4 + smeserver-base-1.2.2-1

Tell me if you need some pieces of log for diagnosys
Title: Re: Problem : CPU usage at 100% because of snort
Post by: cactus on August 05, 2008, 09:10:39 PM: Quote from: Stiven on August 05, 2008, 04:33:32 PM
Hi,

As you can read in the subject the cpu usage of my sme box is around 100% when snort is running.

Is someone can help me please.

Thanx in advance.

FYI : smeserver-snort-2.7.0.1-1 + smeserver-oinkmaster-1.2-2 + smeserver-guardiand-1.7-4 + smeserver-base-1.2.2-1

Tell me if you need some pieces of log for diagnosys
100% of processor utilization is not necessarily a bad thing on linux, how long does it stay at 100%, does it also slow down other processes? Linux has a far better prioritization system for processes than windows.
Title: Re: Problem : CPU usage at 100% because of snort
Post by: mmccarn on August 06, 2008, 03:29:31 PM: I installed snort once years ago, and found that after a while (weeks or months) the number of files in the snort log folder reached a point where starting snort would generate hours of disk thrashing as it tried to do something with the log files...

I believe this was addressed in the SME snort contrib quite a while ago.

Are you running a SME 'snort' contrib, or have you installed snort manually?
Title: Re: Problem : CPU usage at 100% because of snort
Post by: Stiven on August 07, 2008, 03:18:37 PM: Quote from: cactus on August 05, 2008, 09:10:39 PM
how long does it stay at 100%,
Ever
Quote from: cactus on August 05, 2008, 09:10:39 PM
does it also slow down other processes?
I don't really know but I suppose
Quote from: cactus on August 05, 2008, 09:10:39 PM
Linux has a far better prioritization system for processes than windows.
Yes it has.

Quote from: mmccarn on August 06, 2008, 03:29:31 PM
Are you running a SME 'snort' contrib, or have you installed snort manually?
The answer is in my first post.
Title: Re: Problem : CPU usage at 100% because of snort
Post by: Stiven on August 14, 2008, 10:58:36 PM: UP
Title: Re: Problem : CPU usage at 100% because of snort
Post by: CharlieBrady on August 14, 2008, 11:53:22 PM: Quote from: Stiven on August 05, 2008, 04:33:32 PM
As you can read in the subject the cpu usage of my sme box is around 100% when snort is running.

I'd suggest you remove snort, and just use your time ensuring that you don't install insecure software on your server.
Title: Re: Problem : CPU usage at 100% because of snort
Post by: paulfung on September 01, 2008, 11:33:43 AM: check the rule defination auto download by the oinkmaster, it is always teh current version, and when the version change, the rule that does not matchs the snort version you are using will make the server run at 100%.

Check out the script file and point it to the correct version..... I forgot how as it happen so long before.....

Hope this help.