I am using Checkpoint NG FP1, on Solaris 8. I configured alerts using
mailx on dropped packets. However, when there is a "rush" of alerts
(e.g., somebody running Kazaa, triggering lots and lots of alerts) the
firewall becomes very, very slow, impacting the normal working of the
firewall. We can't surf the Internet, or connect to servers in DMZs, or
do anything that requires passing through the firewall. The CPU load is
over a few hundred (compared to 0.5 or less under normal load).
I found that the mailx program that is triggered on _each_ alert is the
culprit. There are thousands of mailx processes in memory when I do a
"ps -ef", and I have to kill all of them to make the system return to
normal load. Sometimes there is no choice but to force a reboot of the system.
I tried using snmp_trap, but it is worse... even during normal
operations, the system is crawling (CPU load over 10)... Then, I tried
using the nice command with mailx, but in this case, no alerts are sent
out. Effectively, mailx with nice does not work.
Is there any way to control the system such that mailx will not
take over all the system resources? Or are there any other alternatives
that anyone is using, and is working properly even when there is a
"rush" of alerts? Thanks a lot.
Mun
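One way to keep an alert storm from spawning one mailx per event is to put a coalescing wrapper between the firewall's per-event alert hook and mailx: each event only appends a line to a spool, and a single sender mails one digest per interval. The script below is an added example written for this thread, not code from the original post or from Check Point; it assumes the alert text arrives as script arguments, that `mkdir` can serve as an atomic lock, that `date +%s` works on the box, and uses placeholder paths and recipient.

```shell
#!/bin/sh
# Alert-coalescing wrapper: point the per-event firewall alert at this
# script instead of mailx. Each event only appends a line to a spool; one
# sender mails a digest at most once per ALERT_INTERVAL seconds, so a burst
# of thousands of events costs one mailx process instead of thousands.
ALERT_DIR="${ALERT_DIR:-/var/tmp/fw_alerts}"     # spool directory (assumed)
ALERT_RCPT="${ALERT_RCPT:-security@example.com}"  # placeholder recipient
ALERT_MAILER="${ALERT_MAILER:-mailx}"             # must accept: -s subj rcpt
ALERT_INTERVAL="${ALERT_INTERVAL:-60}"            # min seconds between mails
ALERT_MAX_LINES="${ALERT_MAX_LINES:-200}"         # cap lines per digest
_paths() { spool="$ALERT_DIR/spool"; stamp="$ALERT_DIR/last_sent"; lock="$ALERT_DIR/lock"; }
now_epoch() { date +%s; }   # assumption: date supports %s (GNU or xpg4 date)

# Record one alert. Cheap enough to run for every event: no mail process.
spool_alert() {
    _paths; mkdir -p "$ALERT_DIR" || return 1
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$spool"
}
# Seconds since the last digest; a missing stamp counts as "long ago".
seconds_since_last_send() {
    _paths
    [ -f "$stamp" ] || { echo "$ALERT_INTERVAL"; return 0; }
    echo $(( $(now_epoch) - $(cat "$stamp") ))
}
# Mail one digest if the spool is non-empty, the interval has elapsed and no
# other sender is active. Prints the number of alert lines mailed (0 if held).
flush_alerts() {
    _paths
    [ -s "$spool" ] || { echo 0; return 0; }
    [ "$(seconds_since_last_send)" -ge "$ALERT_INTERVAL" ] || { echo 0; return 0; }
    mkdir "$lock" 2>/dev/null || { echo 0; return 0; }   # mkdir is atomic
    digest="$ALERT_DIR/digest.$$"
    mv "$spool" "$digest"             # later events start a fresh spool
    total=$(wc -l < "$digest" | tr -d ' ')
    {
        echo "$total firewall alert(s) since last digest (first $ALERT_MAX_LINES shown):"
        head -n "$ALERT_MAX_LINES" "$digest"
    } | "$ALERT_MAILER" -s "firewall alert digest: $total events" "$ALERT_RCPT"
    now_epoch > "$stamp"
    rm -f "$digest"; rmdir "$lock"
    echo "$total"
}
# Entry point when the firewall hook runs the script with the alert text as
# arguments (adapt if the hook delivers the log line on stdin instead).
if [ $# -gt 0 ]; then
    spool_alert "$@"
    flush_alerts >/dev/null
fi
```

Events that arrive while the interval has not elapsed stay in the spool and go out with the next digest, so nothing is dropped, but the number of mailx processes is bounded by the interval rather than by the event rate.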