Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Memory Issue?

From: "Frank Reid" <fcreid () ourcorner org>
Date: Tue, 12 Nov 2002 06:10:11 -0500
I've been running snort on Mandrake 8.2 (2.4 kernel) for about 18
months, and it's been great.  I use the standard rule sets and log
alerts to a local MySQL database (3.23.53a).  Yesterday, I updated Snort
from CVS (2.0.0beta Build 33) and started seeing strange behavior.  This
may have been the first 2.0beta I pulled from CVS.  Anyway, as soon as I
trigger an alert against the network (something that Snort would
normally catch and log), I'm seeing this error:

        kernel: __alloc_pages: 0-order allocation failed (gfp0x1d2/0)

These ultimately consume all resources on the system, and I'm lucky to
get a warm boot to restart.  I thought it might be the database (around
50K alerts) that got corrupted, but myisamchk doesn't find any errors.
If I don't start Snort, the problem doesn't occur, but I'm sure that
doesn't mean it couldn't be something else with the file system.

Any help appreciated.

Frank




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: