
0003274: After installation of 2.4.1 and restoring backup from 2.4. Snort has high CPU usage - MantisBT
MantisBT - Endian Firewall
View Issue Details
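ID: 0003274
Project: Endian Firewall
Category: Intrusion Prevention
View Status: public
Date Submitted: 2010-11-09 09:02
Last Update: 2010-11-25 20:35
Reporter: baldy
Assigned To: lorenzo-endian
Priority: normal
Severity: major
Reproducibility: have not tried
Status: closed
Resolution: fixed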
2.4 
2.4 
0003274: After installation of 2.4.1 and restoring backup from 2.4. Snort has high CPU usage
After installing the 2.4.1 rc1 ISO and restoring my 2.4.0 backup Snort is running constantly at max CPU.

On 2.4 the system was only using 5-10% CPU on average.

System is a Pentium D 2.8 with 2 GB RAM.
No tags attached.
Attached file: Snort top.jpg (80,773) 2010-11-09 09:02
https://bugs.endian.com/file_download.php?file_id=516&type=bug

Attached file: Snort gui.jpg (181,585) 2010-11-09 09:03
https://bugs.endian.com/file_download.php?file_id=517&type=bug
Issue History
2010-11-09 09:02 | baldy | New Issue
2010-11-09 09:02 | baldy | File Added: Snort top.jpg
2010-11-09 09:03 | baldy | File Added: Snort gui.jpg
2010-11-09 09:28 | ra-endian | Status | new => acknowledged
2010-11-09 09:29 | ra-endian | Status | acknowledged => new
2010-11-09 09:29 | ra-endian | Assigned To | => lorenzo-endian
2010-11-09 14:08 | lorenzo-endian | Status | new => acknowledged
2010-11-09 16:33 | baldy | Note Added: 0005060
2010-11-09 20:24 | lorenzo-endian | Note Added: 0005065
2010-11-09 21:53 | baldy | Note Added: 0005066
2010-11-10 08:11 | baldy | Note Added: 0005071
2010-11-11 09:44 | lorenzo-endian | Note Added: 0005086
2010-11-11 09:44 | lorenzo-endian | Status | acknowledged => confirmed
2010-11-11 14:22 | lorenzo-endian | Status | confirmed => feedback
2010-11-11 20:57 | baldy | Note Added: 0005094
2010-11-11 20:59 | lorenzo-endian | Note Added: 0005095
2010-11-23 06:56 | lorenzo-endian | Note Added: 0005180
2010-11-25 18:27 | baldy | Note Added: 0005211
2010-11-25 20:35 | lorenzo-endian | Note Added: 0005212
2010-11-25 20:35 | lorenzo-endian | Status | feedback => closed
2010-11-25 20:35 | lorenzo-endian | Resolution | open => fixed
2010-11-25 20:35 | lorenzo-endian | Fixed in Version | => 2.4

Notes
(0005060)
baldy   
2010-11-09 16:33   
CPU usage is now down, but still Snort is using over 25%.
(0005065)
lorenzo-endian   
2010-11-09 20:24   
Hi Baldy,

Up to now I am not able to reproduce this error... let me try tomorrow morning!

Thanks a lot

Lo
(0005066)
baldy   
2010-11-09 21:53   
Hi Lo,

Seems to be related to downloading.

Currently the system is running at normal CPU load, with no downloads at the moment.

Will try tomorrow with some large downloads.
(0005071)
baldy   
2010-11-10 08:11   
Hi Lo,

Snort CPU usage is related to downloading.

Started 2 torrents this morning and CPU usage went straight up to max.

Regards,

Baldy
(0005086)
lorenzo-endian   
2010-11-11 09:44   
Hi Baldy,

I can confirm that the CPU goes to 80% if, e.g., a torrent download is running.

The problem seems to be related to the SNORT rules; you can try to modify them in order to decrease the CPU usage.

Thanks a lot

Lo
(0005094)
baldy   
2010-11-11 20:57   
Hi Lo,

I have disabled the p2p rules and CPU load now remains normal.

Regards,

Baldy
(0005095)
lorenzo-endian   
2010-11-11 20:59   
Hi Baldy!

Thanks a lot for the tests!

Lo
(0005180)
lorenzo-endian   
2010-11-23 06:56   
Hey Baldy!

Does this problem still persist? Could you check whether it happens even with the latest updates?

Thanks in advance!

Lo
(0005211)
baldy   
2010-11-25 18:27   
Hi Lo,

Just finished testing with the latest Snort rules.

When downloading at 2.0MB/s, CPU usage is around 16%.

Seems to be okay now.
(0005212)
lorenzo-endian   
2010-11-25 20:35   
Hey baldy,

Happy to see that everything works fine now :)

Thanks for your support and testing!

Lo