Significant CPU drop when disabling IDS rules?

Started by labsy, October 23, 2023, 08:59:19 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 23, 2023, 08:59:19 AM
Hi,

due to high CPU usage I turned OFF IDS/IPS under Services --> Intrusion Detection --> Administration --> Settings --> Intrusion Detection ENABLED=OFF. CPU usage dropped as expected, so for testing purposes I installed Maltrail to have at least some intrusion protection.


This worked fine for few weeks.

Yesterday I went again to Services --> Intrusion Detection --> Administration --> Download --> Rulesets and just to clean it out, set all rulesets to DISABLED. IDS service was still OFF from before.
What's weird is since then CPU usage dropped significantly since then!?

I do not understand.
IDS service was OFF all the time. How can CPU drop by just disabling rulesets under DISABLED service?
....or are those rulesets used elsewhere, maybe with Maltrail, too?

Print
Go Up Pages1
User actions