On Sat, Mar 14, 2009 at 12:00:51PM -0700, Sean Whitney wrote: > I'm running snort on two interfaces, however before when I was running > one it was still using all available CPU. > > Here is striped snort.conf (...)
I see you have the frag preprocessor commented out. Did you do this after the update? I'm not sure what is causing this issue, it might be because your server is receiving too much traffic and Snort is not able to keep up with it. What is the value of your HOME_NET? (defined in /etc/snort/snort.debian.conf as DEBIAN_SNORT_HOME_NET). Regards Javier
signature.asc
Description: Digital signature
