4. CPU 100% avec snort

CPU 100% avec snort

  • C

    Bonjour,

    voila ma config cpu intel 2.93 Ghz avec 1 Go de mémoire vive, un disque dur 40 Go en IDE (car le sata ne marche pas !!!)
    tous ca tourne avec Pfsense 1.2.3 RC2
    Mais voilà depuis la MAJ 1.2.3 RC1 ver la RC2 et la reinstallation de Snort j'ai le CPU qui est à 100 %.
    en plus de ce problème snort ne ce lance pas toujours automatiquement.
    voici un morceau de mes log apres demarrage de snort.

    Jul 13 12:59:56 SnortStartup[24870]: Ram free BEFORE starting Snort: 111M – Ram free AFTER starting Snort: 111M -- Mode ac-sparsebands -- Snort memory usage:
    Jul 13 12:59:39 snort[24775]: Daemon initialized, signaled parent pid: 24633
    Jul 13 12:59:39 snort[24775]: Daemon initialized, signaled parent pid: 24633
    Jul 13 12:59:39 snort[24633]: Daemon parent exiting
    Jul 13 12:59:39 snort[24633]: Daemon parent exiting
    Jul 13 12:59:39 snort[24775]: Writing PID "24775" to file "/var/run//snort_ng0.pid"
    Jul 13 12:59:39 snort[24775]: Writing PID "24775" to file "/var/run//snort_ng0.pid"
    Jul 13 12:59:39 snort[24775]: PID path stat checked out ok, PID path set to /var/run/
    Jul 13 12:59:39 snort[24775]: PID path stat checked out ok, PID path set to /var/run/
    Jul 13 12:59:39 kernel: ng0: promiscuous mode enabled
    Jul 13 12:59:39 snort[24633]: Initializing daemon mode
    Jul 13 12:59:39 snort[24633]: Initializing daemon mode
    Jul 13 12:59:39 kernel: ng0: promiscuous mode disabled
    Jul 13 12:59:39 kernel: ng0: promiscuous mode enabled
    Jul 13 12:59:39 snort[24633]: 476 out of 512 flowbits in use.
    Jul 13 12:59:39 snort[24633]: 476 out of 512 flowbits in use.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'eot.download' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'eot.download' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'buttman.1' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'buttman.1' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Netspy_Command_Pattern' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'caff_request' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'caff_request' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'dce.printer.bind' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'dce.printer.bind' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'ScreenControl_capture2213' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'ScreenControl_capture2213' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'outbreak_ring_stc' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'outbreak_ring_stc' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Evade_File_Manager1' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Evade_File_Manager1' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'bit.3xBackdoorconnection' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'bit.3xBackdoorconnection' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'BS.SSL.Server.Cert' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'BS.SSL.Server.Cert' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'AM_Remote_Client' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'AM_Remote_Client' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Omniquad_IRC_InitConnection' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Omniquad_IRC_InitConnection' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'irc.trojan' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'irc.trojan' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'download.pecompact.binary' is checked but not ever set.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Mantis_Notify2' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'Mantis_Notify2' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'flux10.3' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'flux10.3' is set but not ever checked.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'http.jpeg' is checked but not ever set.
    Jul 13 12:59:39 snort[24633]: Warning: flowbits key 'http.jpeg' is checked but not ever set.

    Merci d'avance pour votre aide !!!

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy