  1. #1

    * snort???? Server load is high!!!!!!!!!!!!!!!!!

    Hi guys,
    I am using cPanel and CentOS. The server load is really high, and when I type top in SSH I get this:
    7944 root 15 0 1256 1256 796 R 0.5 0.2 0:00 0 top
    1032 snort 15 0 29164 5052 400 S 0.3 1.0 1:43 0 snort
    27207 root 19 4 2288 128 96 S N 0.3 0.0 0:39 0 httpd
    1 root 15 0 112 80 56 S 0.0 0.0 0:05 0 init
    2 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 keventd
    3 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kapmd
    4 root 34 19 0 0 0 SWN 0.0 0.0 0:00 0 ksoftirqd_CPU
    9 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 bdflush
    5 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kswapd
    6 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kscand/DMA
    7 root 16 0 0 0 0 SW 0.0 0.0 0:07 0 kscand/Normal
    8 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kscand/HighMe
    10 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kupdated
    11 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 mdrecoveryd
    15 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald
    651 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kjournald


    There is a user called snort; I have never seen this before.

    Please advise.
    Thanks

  2. #2
    22:20:59 up 1:57, 1 user, load average: 1.50, 0.71, 0.38
    231 processes: 228 sleeping, 2 running, 1 zombie, 0 stopped
    CPU states: 54.3% user 5.5% system 3.1% nice 0.0% iowait 36.9% idle
    Mem: 481472k av, 476212k used, 5260k free, 0k shrd, 21976k buff
    299812k actv, 63544k in_d, 9588k in_c
    Swap: 979956k av, 227668k used, 752288k free 155740k cached

    PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
    27207 root 19 4 2264 104 72 S N 99.9 0.0 0:42 0 httpd
    8717 root 24 0 8284 8284 2564 D 45.0 1.7 0:03 0 rpmq
    8705 root 17 0 20212 19M 1344 S 12.0 4.1 0:01 0 ensurerpm2
    5 root 15 0 0 0 0 SW 0.3 0.0 0:00 0 kswapd
    1032 snort 15 0 29140 4948 376 S 0.3 1.0 1:45 0 snort
    7944 root 15 0 864 864 404 R 0.3 0.1 0:01 0 top
    3358 root 15 0 316 112 80 S 0.1 0.0 0:00 0 sshd
    4425 mailman 23 8 3128 1180 268 S N 0.1 0.2 0:00 0 python2
    6567 nobody 19 4 0 0 0 Z N 0.1 0.0 0:00 0 httpd <defunc
    1 root 15 0 100 68 44 S 0.0 0.0 0:05 0 init
    2 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 keventd
    3 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kapmd
    4 root 34 19 0 0 0 SWN 0.0 0.0 0:00 0 ksoftirqd_CPU
    9 root 25 0 0 0 0 SW 0.0 0.0 0:00 0 bdflush
    6 root 15 0 0 0 0 SW 0.0 0.0 0:00 0 kscand/DMA
    7 root 15 0 0 0 0 SW 0.0 0.0 0:08 0 kscand/Normal

  3. #3
    Snort is intrusion detection software, and you can see some of the things it is doing, such as ensurerpm2, which is testing your RPMs to make sure no hackers have broken in and changed them. Unless, of course, someone has broken in and changed your snort.

  4. #4
    Did you install snort? Or have a management company install it? Several of them do it. I usually don't recommend using snort on webservers.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    A management company installed it, but the forums on my websites are loading so slowly. Is there a way to make it faster?

  6. #6
    Well, that is the problem with snort: it is a great tool, but when it is working it can be a resource hog.

    You can ask your management company to work on the rule set a bit so it is not so resource intensive. The other problem with snort is that very few people really know how to set it up properly, and as such they just load a default rule set they picked up somewhere that may kill a web server.

  7. #7
    Is there a way to stop it until they fix it?

  8. #8
    When logged in SSH as 'root' use: kill -9 1032

    But it might have a feature to restart itself, so you will need to monitor it for a while.
    PotentProducts.com - for all your Hosting needs
    Helping people Host, Create and Maintain their Web Site
    ServerAdmin Services also available

  9. #9
    But why are the forums and the scripts that use databases so slow?

  10. #10
    Because your Server is too busy or underpowered.

    231 processes: 228 sleeping, 2 running, 1 zombie, 0 stopped
    CPU states: 54.3% user 5.5% system 3.1% nice 0.0% iowait 36.9% idle
    Mem: 481472k av, 476212k used, 5260k free, 0k shrd, 21976k buff
    Swap: 979956k av, 227668k used,

    231 processes: << this tells us your Server is quite busy
    Swap: 979956k av, 227668k used, << this tells us 512 MB of RAM is just not enough

    Get more RAM for sure and/or have someone optimize Apache for you. Could be you need your Server hardened (as in security beefed up) as well.

  11. #11
    But there is only one website on this server, but it's big.
