Control box CPU at 100% with Intrusion Protection on
  •  
spnn

We switched from Kerio Control software to the Control Box. It has this nasty habit that when the Intrusion Protection is turned on, the CPU jumps to 100%, and we lose the Internet. We have had the box a couple of months, and it didn't start out this way. It had this problem for a week in May, disappeared, and is now back. Any ideas?
  •  
J_Warren

First thing I would do is check snort.conf and see what your config search-method is set to.

I am not too familiar with the setup of the Control Box. I don't know if it uses a snort.tmpl as the master to build the snort.conf on each startup of the service like the software version, or if there is a single, static snort.conf file. If it is the former case, look for the snort.tmpl file.

If you have enough memory on the box, try and set config search-method to "ac-bnfa-q search-optimize".

It will use up more memory, but is faster. If there isn't enough memory, you can throttle back to trying "lowmem search-optimize", but the lowmem method is generally regarded to be slower than ac-bnfa.

Second thing is that you may have a rule in your Snort rules that is causing this problem. It's unlikely, because normally the Kerio snort rules are vetted to make sure there are no issues.

I would also take a look at the outgoing traffic on your network. Is there something inside that is spamming out huge numbers of connections all at once, such as Skype? If you've got a huge number of connections, or a very large transfer / high speed transfer, obviously Snort is going to suck up more CPU cycles as it tries to handle all of the traffic.

That's all I can suggest offhand. I hope it helps a little.

EDIT: Thought of one other thing - look in your snort.conf file and see what your HOME_NET is set to. If it is only the external IP of the Kerio Box, edit the snort.tmpl file to change it such that you have something like this:
(say your internal LAN address range is 10.0.0.1-254)
var HOME_NET [$HOME_NET$,10.0.0.0/24]

[Updated on: Fri, 17 June 2011 15:26]
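
Added example (not part of the original posts, and not Kerio's or Snort's own code): a small audit of the two settings discussed above, reporting the configured search-method and whether HOME_NET covers the internal LAN. The sample config is constructed, the function name `audit_snort_conf` is hypothetical, and the `config detection:` prefix assumes Snort 2.x syntax (the bare `config search-method` form from the post is also accepted).

```python
import ipaddress
import re

# Constructed sample of a generated snort.conf (not taken from a real Control Box).
SAMPLE_CONF = """\
# generated from snort.tmpl
var HOME_NET [203.0.113.10]
var EXTERNAL_NET !$HOME_NET
config detection: search-method lowmem search-optimize
"""


def audit_snort_conf(text, lan_cidr):
    """Return (search_method, search_optimize, lan_covered) for a snort.conf body."""
    method, optimize, home_entries = None, False, []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        m = re.match(r"config\s+(?:detection:\s*)?search-method\s+(\S+)(.*)", line)
        if m:
            method = m.group(1)
            optimize = "search-optimize" in m.group(2).split()
            continue
        m = re.match(r"(?:ip)?var\s+HOME_NET\s+(.+)", line)
        if m:
            home_entries = [e.strip() for e in m.group(1).strip("[] ").split(",")]
    lan = ipaddress.ip_network(lan_cidr)
    covered = False
    for entry in home_entries:
        if entry == "any":
            covered = True
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            continue  # template placeholder such as $HOME_NET$, or a variable reference
        if net.version == lan.version and lan.subnet_of(net):
            covered = True
    return method, optimize, covered


if __name__ == "__main__":
    # Assumed LAN range from the post: 10.0.0.0/24
    print(audit_snort_conf(SAMPLE_CONF, "10.0.0.0/24"))
```
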
