SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264

0003274: After installation of 2.4.1 and restoring backup from 2.4. Snort has high CPU usage - MantisBT Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003274Endian FirewallIntrusion Preventionpublic2010-11-09 09:022010-11-25 20:35
Reporterbaldy 
Assigned Tolorenzo-endian 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusclosedResolutionfixed 
PlatformOSOS Version
Product Version2.4 
Target VersionFixed in Version2.4 
Summary0003274: After installation of 2.4.1 and restoring backup from 2.4. Snort has high CPU usage
DescriptionAfter installing the 2.4.1 rc1 ISO and restoring my 2.4.0 backup Snort is running constantly at max CPU.

On 2.4 system was only using 5-10% cpu on average.

Additional InformationSystem is a Pentium D 2.8 with 2 GB ram.
TagsNo tags attached.
Attached Filesjpg file icon Snort top.jpg [^] (80,773 bytes) 2010-11-09 09:02


jpg file icon Snort gui.jpg [^] (181,585 bytes) 2010-11-09 09:03

- Relationships

-  Notes
(0005060)
baldy (reporter)
2010-11-09 16:33

CPU usage is now down, but still Snort is using over 25%.
(0005065)
lorenzo-endian (manager)
2010-11-09 20:24

Hi Baldy,

up to now I am not able to reproduce this error...let me try tomorrow morning!

Thanks a lot

Lo
(0005066)
baldy (reporter)
2010-11-09 21:53

Hi Lo,

Seems to be related to downloading.

Currently system is running normal cpu load, also no downloads at the moment.

Will try tomorrow with some large downloads.
(0005071)
baldy (reporter)
2010-11-10 08:11

Hi Lo,

Snort CPU usage is related to downloading.

Started 2 torrents this morning and CPU usage went straight up to max.

Regards,

Baldy
(0005086)
lorenzo-endian (manager)
2010-11-11 09:44

Hi Baldy,

I can confirm that the CPU goes at 80% if e.g.: a torrent download is running.

The problem seems to be related to the SNORT rules; you can try to modify them in order to decrease the CPU usage.

Thanks a lot

Lo
(0005094)
baldy (reporter)
2010-11-11 20:57

Hi Lo,

I have disabled the p2p rules and cpu load now remains normal.

Regards,

Baldy
(0005095)
lorenzo-endian (manager)
2010-11-11 20:59

Hi Baldy!

thanks a lot for the tests!

Lo
(0005180)
lorenzo-endian (manager)
2010-11-23 06:56

Hey Baldy!

does this problem still persist? could you try if it happen even with the last updates?

Thanks in advance!

Lo
(0005211)
baldy (reporter)
2010-11-25 18:27

Hi Lo,

Just finished testing with the latest Snort rules.

When downloading at 2.0MB/s cpu usage is around 16%.

Seems to be okay now.
(0005212)
lorenzo-endian (manager)
2010-11-25 20:35

Hey baldy,

happy to see that now all works fine :)

Thanks for you support and test!

Lo

- Issue History
Date Modified Username Field Change
2010-11-09 09:02 baldy New Issue
2010-11-09 09:02 baldy File Added: Snort top.jpg
2010-11-09 09:03 baldy File Added: Snort gui.jpg
2010-11-09 09:28 ra-endian Status new => acknowledged
2010-11-09 09:29 ra-endian Status acknowledged => new
2010-11-09 09:29 ra-endian Assigned To => lorenzo-endian
2010-11-09 14:08 lorenzo-endian Status new => acknowledged
2010-11-09 16:33 baldy Note Added: 0005060
2010-11-09 20:24 lorenzo-endian Note Added: 0005065
2010-11-09 21:53 baldy Note Added: 0005066
2010-11-10 08:11 baldy Note Added: 0005071
2010-11-11 09:44 lorenzo-endian Note Added: 0005086
2010-11-11 09:44 lorenzo-endian Status acknowledged => confirmed
2010-11-11 14:22 lorenzo-endian Status confirmed => feedback
2010-11-11 20:57 baldy Note Added: 0005094
2010-11-11 20:59 lorenzo-endian Note Added: 0005095
2010-11-23 06:56 lorenzo-endian Note Added: 0005180
2010-11-25 18:27 baldy Note Added: 0005211
2010-11-25 20:35 lorenzo-endian Note Added: 0005212
2010-11-25 20:35 lorenzo-endian Status feedback => closed
2010-11-25 20:35 lorenzo-endian Resolution open => fixed
2010-11-25 20:35 lorenzo-endian Fixed in Version => 2.4

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker