Does the new box support MSI-X and/or PCIe v3? I would think that disabling HT (as in HyperThreading) would be the last thing you would want to do.
________________________________________ From: [email protected] [[email protected]] on behalf of Scott Finlon [[email protected]] Sent: Wednesday, July 17, 2013 1:52 PM To: [email protected] Subject: [Ntop-misc] PF_RING / DNA + Snort I am in the process of moving Snort from an older box to a new box. Both are RHEL 6 x64, both with the same NICs. I am using PF_RING/DNA to split traffic across CPU cores on the box, and can verify using pf_count_multichanel that traffic is being split the way it should be. I compiled Snort on the new box fresh, but copied the configs over. The old box CPU is currently sitting around 10%, the new box has the cores pegged at 99-100%. I disabled HT on the new box, but the CPU is still maxed. This looks like more of a Snort issue, not so much PF_RING, but I asked over there and they aren't sure what might be the cause. Anyone have any other ideas of what might be causing this to happen? Scott Finlon, CISSP GCIA ----------------------------------- Information Security Engineer The University of Scranton email : [email protected] phone : 570-941-6168 ----------------------------------- _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
