|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: agetchel
kde.state.ky.usDate: Wed Jun 13 2001 - 15:09:36 CDT
Hi Paul,
Snort is not multithreaded and will not be multithreaded (according
to the developers), so it _will not_ take advantage of multiple processors.
There is no portable threading library that would allow Snort to be ported
to the numerous OS's it currently runs on, so the decision was made to keep
portability as a trade-off for SMP capabilities. IMHO, this is a good
thing.
The load the system is under _could_ have something to do with the
unresponsiveness of the system, but it shouldn't be so loaded that it can't
respond to ICMP traffic. Something else seems to be the issue here...
Thanks,
Abe
Abe L. Getchell - Security Engineer
Division of System Support Services
Kentucky Department of Education
Voice 502-564-2020x225
E-mail agetchelkde.state.ky.us
Web http://www.kde.state.ky.us/
> -----Original Message-----
> From: Sheahan, Paul (PCLN-NW) [mailto:Paul.Sheahanpriceline.com]
> Sent: Wednesday, June 13, 2001 3:48 PM
> To: 'Snort-userslists.sourceforge.net'
> Subject: [Snort-users] Snort hardware issues
>
>
> I have a couple of technical hardware questions related to
> Snort that I was
> hoping someone could answer?
>
> 1. I am running a Snort server on a Compaq DL360 running Red
> Hat Linux 7.0.
> The DL360 has 2 CPU's which don't seem to be getting utilized
> by Snort. Does
> Snort support using 2 CPU's? When I use the TOP command, it
> shows one CPU as
> pegged at 99.8% utilitzation, then the 99.8% jumps over to
> the 2nd CPU and
> the first CPU becomes idle. The utilization pegs on both CPUs back and
> forth. Is this normal? Can this be throttled somehow so I can
> get in and
> manage the box easier without it being so sluggish?
>
> 2. Also I have 2 NICs in the box, one is used for gathering
> the data (it is
> on a spanned port on a switch) and the other NIC I use for
> management. Every
> time I try and log in, the server does NOT respond. If I do a
> traceroute on
> both interfaces they don't respond for maybe 10 or 20 traces,
> then they pop
> up. Then I QUICKLY open an ssh session and I'm in from there.
> If I do an
> IFCONFIG, the 2nd NIC I plan to use for management shows NO
> activity, though
> it is active and I can log in through it. Something
> definitely wrong here. I
> wonder if the pegged CPU utilitization has something to do
> with the lack of
> response? I can't think of a reason why the 2nd NIC would
> have no activity
> though.
>
> Any technical gurus out there that might have some ideas?
>
> Thanks!
> Paul
>
> _______________________________________________
> Snort-users mailing list
> Snort-userslists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]