Comments on: Snort_inline updated to 2.8.2.1 in SVN http://www.inliniac.net/blog/2008/06/18/snort_inline-updated-to-2821-in-svn.html Everything inline. Sat, 22 Nov 2008 08:19:09 +0000 http://wordpress.org/?v=2.6.3 By: Luca http://www.inliniac.net/blog/2008/06/18/snort_inline-updated-to-2821-in-svn.html#comment-11652 Luca Tue, 12 Aug 2008 16:59:58 +0000 http://www.inliniac.net/blog/?p=126#comment-11652 Hello, i have update my sensor from 2.8.0.1 to 2.8.2.1 and i have a lot of performance problem: snort_inline starts and, after 2/3 minutes, the cpu's will go to 100%. I have try with stream4 and stream5 preprocessor: Nothing to do. I have try to disable the clamav preprocessor: nothing to do. I have try to esclude port 80 from stream5: nothing to do. No problem with version 2.8.0.1. Linux version 2.6.25.11-97.fc9.i686 Dell PowerEdge SC1435 - 2X Dual-Core AMD Opteron(tm) Processor 2222 SE stepping 03 (3Ghz) - 4GB Ram 1333 - 2 HDD Sata2 - 2x nic GB PCRE 7.3 (from Fedora) LibNet 1.1.3-RC-01 with ipv6 patch libdnet 1.12 Clamav 0.93.3 Internet Line: 10MB Snort_inline: ./configure --enable-clamav --with-clamav-includes=/usr/include --with-clamav-defdir=/var/lib/clamav --enable-dynamicplugin --enable-stream4udp --enable-pthread --enable-memory-cleanup --enable-inline-init-failopen Fedora 9 with tcpip and file system optiomization (sysctl.conf): kern.maxfiles=4040 kern.maxfilesperproc=3636 vm.bdflush = 100 1200 128 512 500 6000 500 0 0 vm.buffermem = 80 10 60 fs.file-max = 102400 vm.freepages = 1532 3064 4596 vm.pagecache = 8 25 85 net.ipv4.tcp_max_tw_buckets = 720000 net.core.optmem_max = 10000000 net.core.hot_list_length = 102400 net.ipv4.tcp_mem = 100000000 100000000 100000000 net.ipv4.tcp_wmem = 100000000 100000000 100000000 net.ipv4.tcp_rmem = 30000000 30000000 30000000 net.core.rmem_max = 10485760 net.core.rmem_default = 10485760 net.core.wmem_max = 10485760 net.core.wmem_default = 10485760 ip_queue set to 4086 Please help me! Thanks ;-) Hello, i have update my sensor from 2.8.0.1 to 2.8.2.1 and i have a lot of performance problem: snort_inline starts and, after 2/3 minutes, the cpu’s will go to 100%. I have try with stream4 and stream5 preprocessor: Nothing to do. I have try to disable the clamav preprocessor: nothing to do. I have try to esclude port 80 from stream5: nothing to do. No problem with version 2.8.0.1.

Linux version 2.6.25.11-97.fc9.i686
Dell PowerEdge SC1435 - 2X Dual-Core AMD Opteron(tm) Processor 2222 SE stepping 03 (3Ghz) - 4GB Ram 1333 - 2 HDD Sata2 - 2x nic GB
PCRE 7.3 (from Fedora)
LibNet 1.1.3-RC-01 with ipv6 patch
libdnet 1.12
Clamav 0.93.3
Internet Line: 10MB

Snort_inline:
./configure –enable-clamav –with-clamav-includes=/usr/include –with-clamav-defdir=/var/lib/clamav –enable-dynamicplugin –enable-stream4udp –enable-pthread –enable-memory-cleanup –enable-inline-init-failopen

Fedora 9 with tcpip and file system optiomization (sysctl.conf):

kern.maxfiles=4040
kern.maxfilesperproc=3636
vm.bdflush = 100 1200 128 512 500 6000 500 0 0
vm.buffermem = 80 10 60
fs.file-max = 102400
vm.freepages = 1532 3064 4596
vm.pagecache = 8 25 85
net.ipv4.tcp_max_tw_buckets = 720000
net.core.optmem_max = 10000000
net.core.hot_list_length = 102400
net.ipv4.tcp_mem = 100000000 100000000 100000000
net.ipv4.tcp_wmem = 100000000 100000000 100000000
net.ipv4.tcp_rmem = 30000000 30000000 30000000
net.core.rmem_max = 10485760
net.core.rmem_default = 10485760
net.core.wmem_max = 10485760
net.core.wmem_default = 10485760

ip_queue set to 4086

Please help me!

Thanks ;-)

]]>