Re: Snort 2.6.1.3 ignoring stream4

["Paul Melson" <pmelson () gmail com>]

> Just a question, we'll have to look at this more intensly, but try 
> config detection: search-method ac-bnfa

Adam & Joel,

I made this change on the affected sensor last night and I am now seeing
packet drop% peaks in the 55-60 range, almost double where it was before.
Additionally, CPU utilization for that process climbed up to 100% this
morning (with the start of business) and hasn't dipped below 90%.  It is
typically in the 60-80%  range during business hours.  Previously, there was
no uncommented 'config detection' line in the snort.conf file.

So I've removed that change and am back to where things were when I first
posted.  If it matters, the sensor is on RHEL4 on x86 and had very small
load on the same hardware with 2.6.0 and prior.

Thanks,
PaulM



-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users