Snort 100% CPU usage after 126 update

General questions.
Post Reply
User avatar
sardonico
Posts: 1
Joined: December 16th, 2016, 3:44 pm
Location: Sardinia, Italy

Snort 100% CPU usage after 126 update

Post by sardonico » January 9th, 2019, 5:00 pm

Hi,
after installing the update 126 snort (with few Sourcefire registered active rules) is occupying my CPU:

Code: Select all

[root@firewall ~]# top
top - 17:42:32 up 4 days, 23:40,  1 user,  load average: 2.07, 2.08, 2.03
Tasks: 273 total,   3 running, 234 sleeping,   0 stopped,   0 zombie
Cpu(s): 86.7%us,  5.9%sy,  0.0%ni,  0.0%id,  0.0%wa,  1.0%hi,  6.4%si,  0.0%st
Mem:   3968852k total,  2899904k used,  1068948k free,    77820k buffers
Swap:   993740k total,      512k used,   993228k free,   345604k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
16170 root      20   0  622m 533m 5416 R   99 13.8   2242:25 snort
24963 root      20   0  571m 483m 6316 R   84 12.5  83:08.54 snort
    7 root      20   0     0    0    0 S    0  0.0   8:33.44 ksoftirqd/0
10160 root      20   0 11612 2704 2244 R    0  0.1   0:00.02 top
13332 root      20   0 27096 4292 3772 S    0  0.1   4:13.02 hostapd
31822 root      20   0     0    0    0 I    0  0.0   0:07.16 kworker/0:0
    1 root      20   0  4516 1712 1616 S    0  0.0   0:04.43 init
    2 root      20   0     0    0    0 S    0  0.0   0:00.03 kthreadd
    4 root       0 -20     0    0    0 I    0  0.0   0:00.00 kworker/0:0H
[...]
Any ideas?
Image
Image

Post Reply