Not sure if this is related to 16.01.2, or some pattern update, but shortly after I updated on 11/29 my CPU usage has more than doubled with no changes to configuration other than the 16.01.2 update (and probably some behind-the-scenes pattern updates).
I didn't even know the CPU was under load until the effects yesterday 12/7 when my traffic was screeching slow. When I logged onto the console snort was taking 100% CPU!
I checked a few links from the board and found my maxpxts was 80 so I adjusted that to 8 which has helped a lot keeping snort to around 60-70% CPU but the system is definitely running hotter than usual (compare to the previous SFOS 16.01.1).
It also seems like vlan routing (zone-to-zone) policies influence snort (some sort of pre-filtering?) even though IPS policy for that rule is set to None. Is there a way to exclude pre-filter snort traffic if the rule defines it as none?
Thanks
This thread was automatically locked due to age.
