On Monday, 21 November 2005 19:48, Jakub Wartak wrote:
> On Sunday, 20 November 2005 23:59, Paolo Lucente wrote:
> > Hello Jakub,
>
> Hello Paolo, thanks for the reply :)
>
Never mind, I guess that I found the problem: viruses are generating huge traffic on port 445 to random IPs in class 192.168.x.y (they are automatically blocked using ipt_recent on Linux routers, but libpcap can still see them [fprobe is based on libpcap]).

I added:

sql_preprocess: minp=5, minb=20000
sql_preprocess_type: all
sql_refresh_time: 120

to my config. I think (after 10 minutes of testing) that this solved my issue (load-avg is steady, acct_in && acct_out are not growing rapidly anymore). I'm going to post more results in several days on how this configuration performs :)

Thanks for the support :)

-- 
Jakub Wartak
-vnull
FreeBSD/OpenBSD/Linux/Solaris/Network Administrator
http://vnull.pcnet.com.pl/
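
An added example, not part of the original message and not pmacct code: a small Python model of the sql_preprocess settings quoted in the message, run over a constructed queue of aggregates. It assumes that an aggregate passes minp/minb when its counter is at least the threshold and that sql_preprocess_type "all" requires every check to pass; the Aggregate class and the function names are hypothetical.

```python
# Added illustration, not pmacct code. Assumed semantics: an aggregate passes
# minp/minb when its counter is >= the threshold; "all" needs every check to
# pass, "any" needs at least one. All names below are hypothetical.
from collections import Counter
from dataclasses import dataclass

FIELDS = {"minp": "packets", "minb": "bytes"}  # only the two checks from the message

@dataclass(frozen=True)
class Aggregate:
    src: str
    dst: str
    dport: int
    packets: int
    bytes: int

def parse_preprocess(value):
    """Parse 'minp=5, minb=20000' into {'minp': 5, 'minb': 20000}."""
    checks = {}
    for item in value.split(","):
        key, _, num = item.strip().partition("=")
        if key not in FIELDS:
            raise ValueError(f"check not modelled here: {key!r}")
        checks[key] = int(num)
    return checks

def preprocess(queue, checks, mode="all"):
    """Return (kept, dropped) for a queue of aggregates about to be written."""
    combine = all if mode == "all" else any
    kept, dropped = [], []
    for agg in queue:
        ok = combine(getattr(agg, FIELDS[k]) >= v for k, v in checks.items())
        (kept if ok else dropped).append(agg)
    return kept, dropped

def dropped_by_source(dropped):
    """Count discarded aggregates per (src, dport): what the SQL tables no longer show."""
    return Counter((a.src, a.dport) for a in dropped)

# Constructed sample queue: three port-445 probes, one chatty small flow, one bulk transfer.
QUEUE = [
    Aggregate("192.168.1.50", "192.168.77.3", 445, 2, 96),
    Aggregate("192.168.1.50", "192.168.140.9", 445, 3, 144),
    Aggregate("192.168.1.50", "192.168.8.201", 445, 1, 48),
    Aggregate("192.168.2.10", "192.168.0.1", 53, 40, 3200),
    Aggregate("192.168.2.10", "192.168.0.5", 80, 400, 350000),
]
CHECKS = parse_preprocess("minp=5, minb=20000")

if __name__ == "__main__":
    kept, dropped = preprocess(QUEUE, CHECKS, "all")
    print(len(kept), "kept;", dict(dropped_by_source(dropped)))
```

In this model the port-445 probes never reach the SQL tables, so the accounting database stops being a record of which host is scanning; under "all" the small 40-packet flow is discarded as well.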
