CPU 100% avec snort

codercrack

Bonjour,

voila ma config cpu intel 2.93 Ghz avec 1 Go de mémoire vive, un disque dur 40 Go en IDE (car le sata ne marche pas !!!)
tous ca tourne avec Pfsense 1.2.3 RC2
Mais voilà depuis la MAJ 1.2.3 RC1 ver la RC2 et la reinstallation de Snort j'ai le CPU qui est à 100 %.
en plus de ce problème snort ne ce lance pas toujours automatiquement.
voici un morceau de mes log apres demarrage de snort.

Jul 13 12:59:56 SnortStartup[24870]: Ram free BEFORE starting Snort: 111M – Ram free AFTER starting Snort: 111M -- Mode ac-sparsebands -- Snort memory usage:
Jul 13 12:59:39 snort[24775]: Daemon initialized, signaled parent pid: 24633
Jul 13 12:59:39 snort[24775]: Daemon initialized, signaled parent pid: 24633
Jul 13 12:59:39 snort[24633]: Daemon parent exiting
Jul 13 12:59:39 snort[24633]: Daemon parent exiting
Jul 13 12:59:39 snort[24775]: Writing PID "24775" to file "/var/run//snort_ng0.pid"
Jul 13 12:59:39 snort[24775]: Writing PID "24775" to file "/var/run//snort_ng0.pid"
Jul 13 12:59:39 snort[24775]: PID path stat checked out ok, PID path set to /var/run/
Jul 13 12:59:39 snort[24775]: PID path stat checked out ok, PID path set to /var/run/
Jul 13 12:59:39 kernel: ng0: promiscuous mode enabled
Jul 13 12:59:39 snort[24633]: Initializing daemon mode
Jul 13 12:59:39 snort[24633]: Initializing daemon mode
Jul 13 12:59:39 kernel: ng0: promiscuous mode disabled
Jul 13 12:59:39 kernel: ng0: promiscuous mode enabled
Jul 13 12:59:39 snort[24633]: 476 out of 512 flowbits in use.
Jul 13 12:59:39 snort[24633]: 476 out of 512 flowbits in use.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'eot.download' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'eot.download' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'buttman.1' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'buttman.1' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'caff_request' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'caff_request' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'dce.printer.bind' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'dce.printer.bind' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'ScreenControl_capture2213' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'ScreenControl_capture2213' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'outbreak_ring_stc' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'outbreak_ring_stc' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Evade_File_Manager1' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Evade_File_Manager1' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'bit.3xBackdoorconnection' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'bit.3xBackdoorconnection' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'BS.SSL.Server.Cert' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'BS.SSL.Server.Cert' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'AM_Remote_Client' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'AM_Remote_Client' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Omniquad_IRC_InitConnection' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Omniquad_IRC_InitConnection' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'irc.trojan' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'irc.trojan' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Mantis_Notify2' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Mantis_Notify2' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'flux10.3' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'flux10.3' is set but not ever checked.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'http.jpeg' is checked but not ever set.
Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'http.jpeg' is checked but not ever set.

Merci d'avance pour votre aide !!!