This discussion has been locked.

30Mbps pipe, snort_inline taking 90-100% CPU

I just upgraded to a 30Mbps WAN.

With the computer connected directly to the modem I get 28.7 Mbps; when using Astaro I get 23-24 Mbps.

So I tried disabling IPS and I got 28.56 Mbps.

So I started to look and found that during a download at full speed, top shows snort_inline at 90%+ CPU.

ASG is running in a VM on an Intel Core2Quad 6600 (3.2 GHz), with 2 CPUs dedicated to that VM, and 1.5 GB of RAM.

Is there anything I can do to get snort_inline to use less CPU (and get throughput back)?

Also, it seems that removing all the signatures doesn't help. I get the full speed back only by disabling IPS so snort_inline doesn't come up. It seems odd to me that with NO signatures selected snort_inline still takes near 100% CPU.

Thanks


  • I am running the latest 7.501, with 2 CPUs assigned to the VM.

    Do I need to do anything to enable the multi-threaded version?

    Also, does it make sense to you that if I have no signatures/patterns selected in the IPS, it still takes up all the CPU? Basically, checking all attack patterns or none makes no difference. I only see a difference if I completely disable the IPS.

    Anti-DoS/Portscan are both disabled all the time.

    Thank you