Re: [psad-discuss] Question about psad configuration on Debian
On Oct 29, 2012, Dmitry Korzhevin wrote:

> Hello,

Hello Dmitry,

> I have problems with psad. I downloaded latest psad version from
> http://cipherdyne.org/about.html site, and installed from source, on
> Debian 6.0.6 amd64 linux.
>
> I use this manual:
>
> http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/
>
> And seems, after I add next iptables rules:
>
> iptables -A INPUT -j LOG
> iptables -A FORWARD -j LOG
>
> system load average starts growing up to 100 LA, and server hangs..
>
> Btw, this server is used as VPN gateway with about 50 users, I use
> external log for iptables: /var/log/iptables.log
>
> Can you please help me - how I can configure psad without such big load...

The key to getting psad to work is to make sure that your iptables policy is accepting packets for services that you want to allow, and log and drop all others. There is an iptables setup script for the Linux Firewall book available at the following link that configures iptables in this manner:

http://www.cipherdyne.org/LinuxFirewalls/ch01/iptables.sh.tar.gz

You would need to configure it for the specific services that you want to allow - the script serves as an illustration.

Now, you might be wondering if using the iptables ACCEPT target on a large percentage of your traffic is not helpful for the kind of analysis that psad does, and this is a good question. The answer is twofold:

1) In a normal network environment, _most_ traffic is usually not malicious anyway, so on average logging TCP ACKs associated with things like web connections is not useful. psad is designed to look for port scans and sweeps among other things, and through proper use of the iptables connection tracking mechanism such packets will be logged even for services that are otherwise allowed. E.g. a FIN scan against port 80 will be logged even if you are accepting traffic to port 80 because a FIN scan isn't a valid start of a TCP connection.

2) If you run fwsnort in addition to psad, then you can get iptables to log specific TCP ACK packets that contain truly malicious application layer data since fwsnort uses the string match extension along with a translated set of snort rules to detect things that you should probably care about.

Thanks,

--Mike

> Best Regards,
> Dmitry
>
> ---
> Dmitry KORZHEVIN
> System Administrator
> STIDIA S.A. - Luxembourg
>
> e: dmitry.korzhe...@stidia.com
> m: +38 093 874 5453
> w: http://www.stidia.com
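The policy described in the reply above (accept the services you want to allow, log and drop everything else), written out as an added example that is not part of the original thread or of the linked iptables.sh script: a POSIX shell function that emits an iptables-restore ruleset. The service list (tcp/22, tcp/80, udp/1194) and the `tun+` VPN interface pattern are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): build an iptables-restore ruleset that
# accepts wanted traffic first and sends only the remainder to LOG, then DROP.
# Assumptions: the service list passed in and VPN_IF (VPN client interface).

VPN_IF=${VPN_IF:-tun+}   # hypothetical interface pattern for the VPN clients

# psad_ruleset proto/port ...  -> ruleset on stdout; returns 1 on a bad spec.
psad_ruleset() {
    # Validate every service spec before emitting anything.
    for svc in "$@"; do
        proto=${svc%%/*}
        port=${svc#*/}
        case "$proto" in
            tcp|udp) ;;
            *) echo "bad protocol in '$svc'" >&2; return 1 ;;
        esac
        case "$port" in
            ''|*[!0-9]*|??????*) echo "bad port in '$svc'" >&2; return 1 ;;
        esac
        if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
            echo "port out of range in '$svc'" >&2; return 1
        fi
    done

    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT ACCEPT [0:0]'
    # Established flows are accepted first, so their ACKs are never logged.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A INPUT -i lo -j ACCEPT'
    for svc in "$@"; do
        proto=${svc%%/*}
        port=${svc#*/}
        if [ "$proto" = tcp ]; then
            # Only a SYN may open a connection: a stray FIN to this port
            # matches neither this rule nor the one above, so it is logged.
            echo "-A INPUT -p tcp -m tcp --dport $port --syn -m conntrack --ctstate NEW -j ACCEPT"
        else
            echo "-A INPUT -p udp -m udp --dport $port -m conntrack --ctstate NEW -j ACCEPT"
        fi
    done
    echo '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo "-A FORWARD -i $VPN_IF -m conntrack --ctstate NEW -j ACCEPT"
    # Whatever is left is what psad should see: log it, then drop it.
    for chain in INPUT FORWARD; do
        echo "-A $chain -j LOG --log-prefix \"DROP \" --log-ip-options --log-tcp-options"
        echo "-A $chain -j DROP"
    done
    echo 'COMMIT'
}

# Constructed service list: SSH, a web server, and a VPN endpoint on udp/1194.
psad_ruleset tcp/22 tcp/80 udp/1194
```

Check the output with `iptables-restore --test` before loading it. With this ordering only packets that match no ACCEPT rule reach the LOG rules, unlike the bare `-A INPUT -j LOG` and `-A FORWARD -j LOG` rules quoted above, which log every packet.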
Re: [psad-discuss] Question about psad configuration on Debian
How about bandwidth? Could you post your top output please?

On 10/29/2012 11:41 PM, Dmitry Korzhevin wrote:
> According to trafshow utility:
>
> about 6000 PPS
>
> 29.10.2012 17:30, Pui Edylie wrote:
>> Actually how much traffic or PPS are you pushing through this box?
Re: [psad-discuss] Question about psad configuration on Debian
According to trafshow utility:

about 6000 PPS

29.10.2012 17:30, Pui Edylie wrote:
> Actually how much traffic or PPS are you pushing through this box?

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhe...@stidia.com
m: +38 093 874 5453
w: http://www.stidia.com
Re: [psad-discuss] Question about psad configuration on Debian
Actually how much traffic or PPS are you pushing through this box?

On 10/29/2012 11:23 PM, Pui Edylie wrote:
> I am not sure if psad is multi-threaded to fully utilize all the cores
> which you have.
>
> I guess let's wait for the dev to reply :)
Re: [psad-discuss] Question about psad configuration on Debian
I am not sure if psad is multi-threaded to fully utilize all the cores which you have.

I guess let's wait for the dev to reply :)

On 10/29/2012 11:16 PM, Dmitry Korzhevin wrote:
> So, no way, to run psad? Maybe I can configure iptables rules, to
> decrease load?
Re: [psad-discuss] Question about psad configuration on Debian
So, no way, to run psad? Maybe I can configure iptables rules, to decrease load?

29.10.2012 17:07, Pui Edylie wrote:
> Hi,
>
> You might want to upgrade your processor.
>
> This is what I used here
>
> processor : 7
> vendor_id : GenuineIntel
> cpu family : 6
> model : 45
> model name : Intel(R) Xeon(R) CPU E5-1620 0 @ 3.60GHz
> stepping : 7
> cpu MHz : 3601.000
> cache size : 10240 KB
>
> Regards,
> Edy

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhe...@stidia.com
m: +38 093 874 5453
w: http://www.stidia.com
Re: [psad-discuss] Question about psad configuration on Debian
Hi,

You might want to upgrade your processor.

This is what I used here

processor : 7
vendor_id : GenuineIntel
cpu family : 6
model : 45
model name : Intel(R) Xeon(R) CPU E5-1620 0 @ 3.60GHz
stepping : 7
cpu MHz : 3601.000
cache size : 10240 KB

Regards,
Edy

On 10/29/2012 9:37 PM, Dmitry Korzhevin wrote:
> processor : 2
> vendor_id : GenuineIntel
> cpu family : 6
> model : 45
> model name : Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
> stepping : 7
> cpu MHz : 1999.000
> cache size : 15360 KB
> physical id : 0
> siblings : 4
> core id : 2
> cpu cores : 4
> apicid : 2
> initial apicid : 2
> fpu : yes
> fpu_exception : yes
> cpuid level : 13
> wp : yes
> flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge
> mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx lm
> constant_tsc arch_perfmon rep_good nonstop_tsc aperfmperf pni
> pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic popcnt aes hypervisor
> lahf_lm ida arat
> bogomips : 3998.00
> clflush size : 64
> cache_alignment : 64
> address sizes : 40 bits physical, 48 bits virtual
> power management:
Re: [psad-discuss] Question about psad configuration on Debian
processor : 2
vendor_id : GenuineIntel
cpu family : 6
model : 45
model name : Intel(R) Xeon(R) CPU E5-2620 0 @ 2.00GHz
stepping : 7
cpu MHz : 1999.000
cache size : 15360 KB
physical id : 0
siblings : 4
core id : 2
cpu cores : 4
apicid : 2
initial apicid : 2
fpu : yes
fpu_exception : yes
cpuid level : 13
wp : yes
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx lm constant_tsc arch_perfmon rep_good nonstop_tsc aperfmperf pni pclmulqdq ssse3 cx16 sse4_1 sse4_2 x2apic popcnt aes hypervisor lahf_lm ida arat
bogomips : 3998.00
clflush size : 64
cache_alignment : 64
address sizes : 40 bits physical, 48 bits virtual
power management:

29.10.2012 12:37, Pui Edylie wrote:
> What is your CPU used on this server?

Best Regards,
Dmitry

---
Dmitry KORZHEVIN
System Administrator
STIDIA S.A. - Luxembourg

e: dmitry.korzhe...@stidia.com
m: +38 093 874 5453
w: http://www.stidia.com
Re: [psad-discuss] Question about psad configuration on Debian
What is your CPU used on this server?

On 10/29/2012 5:21 PM, Dmitry Korzhevin wrote:
> Hello,
>
> I have problems with psad. I downloaded latest psad version from
> http://cipherdyne.org/about.html site, and installed from source, on
> Debian 6.0.6 amd64 linux.
>
> I use this manual:
>
> http://www.cyberciti.biz/faq/linux-detect-port-scan-attacks/
>
> And seems, after I add next iptables rules:
>
> iptables -A INPUT -j LOG
> iptables -A FORWARD -j LOG
>
> system load average starts growing up to 100 LA, and server hangs..
>
> Btw, this server is used as VPN gateway with about 50 users, I use
> external log for iptables: /var/log/iptables.log
>
> Can you please help me - how I can configure psad without such big load...
>
> Best Regards,
> Dmitry
>
> ---
> Dmitry KORZHEVIN
> System Administrator
> STIDIA S.A. - Luxembourg
>
> e: dmitry.korzhe...@stidia.com
> m: +38 093 874 5453
> w: http://www.stidia.com