From: compdoc <co...@ho...> - 2009-03-27 21:55:30
|
That's a very small amount of ram. Is it using any swap? I have snort enabled on a couple of efw servers and I never hear from it - no warnings, info, etc. Maybe I'm not important enough to hack... -----Original Message----- From: Bart Heinsius [mailto:bhe...@gm...] Sent: Friday, March 27, 2009 3:25 PM To: efw...@li... Subject: [Efw-user] Snort CPU load limits download speed Hi, I have a 30mbps symmetric internet link attached to the red interface of my Endian 2.2RC3 firewall running in a Xen VM on a Dell R200 Quad Core X3230, 2.66GHz/2x4M 1066FSB. The Endian VM has 1 processor and 128MB memory allocated. I noticed that my download speed is around 20mbps max instead of the 30mbps the link provides. On the Endian machine I see that snort takes nearly 100% when downloading. When I disable snort the CPU load is back to 0 and my download speed is back to 30mbps. Is it normal for snort to use that much CPU? Is there a way to reduce the amount of CPU snort uses? Do I need snort? -Bart |