Snort mailing list archives
Re: Snort and memory
From: Scott Nursten <scott.nursten () StreetsOnline co uk>
Date: Tue, 28 Aug 2001 14:59:47 +0100
Well, here's mine: Snort 1.8.1 with the only output plugin as: snort.conf:output database: log, mysql, user=blah dbname=blahdb host=localhost and 14:51:57 up 14 days, 23:08, 1 user, load average: 0.36, 0.29, 0.27 60 processes: 59 sleeping, 1 running, 0 zombie, 0 stopped CPU states: 15.0% user, 2.4% system, 0.0% nice, 82.6% idle Mem: 1157276K total, 1151212K used, 6064K free, 1056K buffers Swap: 2097136K total, 550872K used, 1546264K free, 10376K cached PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME COMMAND 8934 snort 15 0 1107M 719M 13304 S 31.8 63.6 303:54 snort 4144 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:00 mysqld 4146 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:13 mysqld 4147 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:05 mysqld 4148 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:00 mysqld 8935 mysql 9 0 18864 7696 7096 S 0.3 0.6 0:07 mysqld 18360 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:01 mysqld 18363 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:03 mysqld 21029 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:00 mysqld 21355 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:00 mysqld 21358 mysql 9 0 18864 7696 7096 S 0.0 0.6 0:00 mysqld 18361 nobody 9 0 3320 3232 1864 S 0.0 0.2 0:00 httpd 18356 nobody 9 0 3304 3220 1852 S 0.0 0.2 0:00 httpd 18357 nobody 9 0 3304 3220 1884 S 0.0 0.2 0:00 httpd 18359 nobody 9 0 1484 1212 1192 S 0.0 0.1 0:00 httpd 18362 nobody 9 0 1452 1184 1152 S 0.0 0.1 0:00 httpd 18311 root 9 0 1128 1004 928 S 0.0 0.0 0:00 bash 21689 root 13 0 1000 1000 780 R 1.5 0.0 0:00 top 18358 nobody 9 0 2636 608 200 S 0.0 0.0 0:00 httpd -------------------------------------------------------------------------- Processes die fairly regularly with all mem being used. Any ideas? Rgds, Scott Martin Roesch wrote:
Marcin Zurakowski wrote:On Wed, 22 Aug 2001, Martin Roesch wrote:What output options are you using?I set something like this: # LOGING output alert_syslog: LOG_LOCAL6 And in my syslog.conf: local6.* /var/log/snort.log I've just discovered, that crond died...It has never happened before installation snort.Well, Snort doesn't have any interaction with cron, but if your system is running out of memory that could be a problem. I don't know why Snort is using so much memory, we pretty much eliminated all the memory leaks in the standard loadout. Having just looked at the default vision18.conf file from whitehats.com, I see that the default preprocessor load is out of date, that's probably the problem. For the time being, I'd suggest using the snort.conf file that comes with Snort, and your logging setup. If you do that and still see excessive memory usage, let me know. -Marty -- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Scott Nursten - Systems Administrator ---------------------------------------------- ddi: +44 (0) 1293 744 122 work: +44 (0) 1293 402 040 fax: +44 (0) 1293 402 050 email: scottn () streetsonline co uk wwweb: http://www.streetsonline.co.uk ---------------------------------------------- Any sufficiently advanced technology is indistinguishable from magic. Arthur C. Clarke Any technology distinguishable from magic is insufficiently advanced. (Probably not) Arthur C. Clarke _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort and memory Marcin Zurakowski (Aug 22)
- Re: Snort and memory John Sage (Aug 22)
- Re: Snort and memory Martin Roesch (Aug 22)
- Re: Snort and memory Marcin Zurakowski (Aug 22)
- Re: Snort and memory Martin Roesch (Aug 22)
- Re: Snort and memory Scott Nursten (Aug 28)
- Re: Snort and memory Martin Roesch (Aug 28)
- Re: Snort and memory Marcin Zurakowski (Aug 22)
- Re: Snort and memory John Sage (Aug 22)
- <Possible follow-ups>
- RE: Snort and memory Mayers, Philip J (Aug 29)