
List:       security-onion
Subject:    [security-onion] Master server - MYSQLD 2 instances 100% CPU Sguild 100%
From:       "'Philip Robson' via security-onion" <security-onion () googlegroups ! com>
Date:       2018-09-27 17:26:39
Message-ID: eb3876eb-2afd-4dbf-9910-e11aa5152209 () googlegroups ! com


I have been tweaking the snort rules today. I put it back to how it was but came back
to it later to run a sudo rule-update. It sat at running pulled-pork for a very long
time; I cancelled it and looked at htop to see the above processes hitting the system
hard. It has 8 cores and those 3 are consuming 100% of 3 cores.

This is the latest version with a distributed setup. Kibana also shows no snort
alerts for some time while bro is fine.

I have run sudo so-status on the sensor and master and all is green. I gave the master
a poke to see if it helped but they are back at it.

I did use sguild in the morning but closed it down, and didn't have any issues after until
the past hour or so.

I have tried opening sguild since to see if my queries were still running but it
cannot connect on the port.

Any ideas?

Thanks
Phil
