Hi,
in the last few days something was causing after about 30 minutes almost 100% CPU for snort. No high traffic on any interface. It takes about 1-2 minutes. In ips.log I can see:
[Jan 14 21:58:22 :1133]:failed to get sessiontbl data for session id 9441 rev 52778 pkt_len 40 datalink_type 228 direction 1 daq_source 0 is_tcp 1 nseid 0 is_ssl_non_app_appdata 0, dropping packet
[Jan 14 21:58:22 :1133]:Error reading session data,status -1
[Jan 14 21:58:22 :1133]:failed to get sessiontbl data for session id 17038 rev 53026 pkt_len 52 datalink_type 228 direction 1 daq_source 0 is_tcp 1 nseid 0 is_ssl_non_app_appdata 0, dropping packet
[Jan 14 21:58:22 :1133]:Error reading session data,status -1
[Jan 14 21:58:22 :1133]:failed to get sessiontbl data for session id 18535 rev 23402 pkt_len 48 datalink_type 228 direction 1 daq_source 0 is_tcp 1 nseid 0 is_ssl_non_app_appdata 0, dropping packet
[Jan 14 21:58:22 :1133]:Error reading session data,status -1
[Jan 14 21:58:22 :1133]:failed to get sessiontbl data for session id 10039 rev 48232 pkt_len 52 datalink_type 228 direction 1 daq_source 0 is_tcp 1 nseid 0 is_ssl_non_app_appdata 0, dropping packet
[Jan 14 21:58:22 :1133]:Error reading session data,status -1
How to find the reason of this ? I have SFOS 18.0.4.
This thread was automatically locked due to age.
