Netgate Discussion Forum

    How to change nice priority of snort???

      robnitro

      Hi,
      I have Snort running on my dual-core 1.4 GHz mini PC router.

      Snort can use quite a bit of CPU at times, which is fine, but since it is just observing, I was thinking of renicing the process to nice 20, background priority in effect.

      I've tried to modify the startup script, but that causes problems loading at times and updates will overwrite this.

      I also wrote a batch file to renice the snort process through cron, but it doesn't work in cron, though it works fine from the CLI (tcsh or bash). Annoying… both are using root.

      My usr/sbin reni script to renice by name:

      renice $1 -p $(pidof $2)
      

      Works well; for example, reni 19 snort works fine from the CLI:

      [2.3.2-RELEASE][root@router.lan]/root: reni 19 snort
      40071: old priority 0, new priority 19
      

      But in cron, I have tried many ways and it does not take effect, despite other scripts doing so:

      */1	*	*	*	*	root	/usr/local/sbin/reni.sh 20 snort
      
      */1	*	*	*	*	root	/bin/sh /usr/local/sbin/reni.sh 20 snort
      

      Neither works, even when trying to reni other processes too.

      Anyone have a clue what I could do to renice the processes?

        doktornotor Banned

        Modify the package. (Horrible idea here; reduce your ruleset or get better HW if yours cannot cope with the task. This absolutely should NOT run at background priority.)

          robnitro

          It's a 50/50 line, which doesn't come close to taxing my CPU.

          But sometimes Snort will use up a lot of CPU even when the connection is less than 1 Mbit used. I don't know if that is a bug or what, but I'm not too concerned with the protection skipping things under bursts of high load.

          It's just aggravating how a script that works to renice a program does not seem to want to take effect under cron. I've tried many different methods and none of them seem to work. On Windows, it's not much easier; I use Process Hacker to set default CPU/IO priorities so things like backups, defrags, or commercial scans (HTPC cablecard) run only with free resources, not interfering with the critical or normal user processes (like video playing or WMC UI).

            doktornotor Banned

            This is not how you do it, as already said.

            https://github.com/pfsense/FreeBSD-ports/blob/devel/security/pfSense-pkg-snort/files/usr/local/pkg/snort/snort.inc#L2767

            Enough hints here.

              robnitro

              Yes, I found the line, but I'm still perplexed why I can't renice a process through cron.
              In OpenWrt, it was no problem. Why is cron different here???
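
An added example, not part of the thread and not pfSense or Snort package code: a version of the reni script written for cron's reduced environment. It assumes (the thread does not confirm this) that the job fails because cron's PATH is shorter than the login shell's, so it resolves each tool by absolute path, validates the nice value, and logs failures; `TOOL_DIRS`, `LOG_TAG` and the function names are hypothetical.

```shell
#!/bin/sh
# reni.sh <nice> <process-name>: renice a process by name from cron.
# Assumption: cron's PATH may lack the directory holding pidof/renice,
# so tools are looked up in a fixed list of directories instead.
TOOL_DIRS="/bin /usr/bin /sbin /usr/sbin /usr/local/bin /usr/local/sbin"
LOG_TAG="reni"   # hypothetical syslog tag

# Print the absolute path of tool $1; return 1 if it is not installed.
find_tool() {
    for dir in $TOOL_DIRS; do
        [ -x "$dir/$1" ] && { echo "$dir/$1"; return 0; }
    done
    return 1
}

# Accept only integers in renice's range (-20..20).
valid_nice() {
    case "$1" in
        ''|-|*[!0-9-]*|?*-*) return 1 ;;
    esac
    [ "$1" -ge -20 ] && [ "$1" -le 20 ]
}

# Print the PIDs of processes named $1, via pidof or pgrep -x.
pids_of() {
    if tool=$(find_tool pidof); then
        "$tool" "$1"
    elif tool=$(find_tool pgrep); then
        "$tool" -x "$1"
    else
        return 127
    fi
}

# Send failures to syslog (if logger exists) and to stderr.
log() {
    logger_bin=$(find_tool logger) && "$logger_bin" -t "$LOG_TAG" "$*"
    echo "$LOG_TAG: $*" >&2
}

main() {
    valid_nice "$1" || { log "bad nice value: $1"; return 2; }
    renice_bin=$(find_tool renice) || { log "renice not found"; return 127; }
    pids=$(pids_of "$2") || { log "no PID for $2 (or no pidof/pgrep)"; return 1; }
    # $pids is unquoted on purpose: one argument per PID.
    "$renice_bin" "$1" -p $pids || { log "renice failed for: $pids"; return 1; }
}

if [ "$#" -ge 2 ]; then main "$@"; fi
```

Any failure now ends up in syslog and in cron's mail for the job instead of passing silently.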
