Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: pcre high cpu usage

From: Tomas Heredia <tomas.heredia () activesec biz>
Date: Tue, 19 Oct 2010 11:00:15 -0300
 El 19/10/2010 10:50 a.m., Alex Kirk escribió:


    BTW: most offending rules (with like 10000 ticks avg!!) were 4676
    and 4677, related to Oracle Enterprise Manager. They had the
    destination restricted to the only OEM in the net, but that was
    enough to cause that delays... May be it's time to think in PCRE
    ofloading! :-)
    Best regards,
    Tomás


What revisions of those rules are you running? We had revs out briefly
that were severely problematic, and we updated them as soon as we
realized. I want to make sure the current versions of those two aren't
causing problems.

both rev 5, updated on oct 12

Regards,
Tomás


------------------------------------------------------------------------------
Download new Adobe(R) Flash(R) Builder(TM) 4
The new Adobe(R) Flex(R) 4 and Flash(R) Builder(TM) 4 (formerly 
Flex(R) Builder(TM)) enable the development of rich applications that run
across multiple browsers and platforms. Download your free trials today!
http://p.sf.net/sfu/adobe-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: