Snort mailing list archives
Re: S5 prunes
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 30 Sep 2011 08:56:29 -0400
Looks like you are reaching the max memcap in Stream5. You can increase this value in your snort.conf file.

Joel

On Sep 30, 2011, at 7:22 AM, Peter Bates wrote:
Hello all...

My segfaults with 2.9.1 were resolved by trashing everything Snort related in /usr/local/lib and /usr/local/include - it now starts up happily.

Although I seem to be hitting some rules, I mostly seem to be seeing the following in /var/log/messages:

Sep 30 12:20:03 sniffer snort[11032]: S5: Pruned 5 sessions from cache for memcap. 4730 ssns remain. memcap: 8387674/8388608
Sep 30 12:20:03 sniffer snort[11032]: S5: Pruned 5 sessions from cache for memcap. 4725 ssns remain. memcap: 8373093/8388608

I'm using the stock snort.conf in the tarball (with obvious changes to HOME_NET, etc.), and intending to move to the afpacket DAQ.

Am I missing something in my move from 2.8.4?

Thanks.

--
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
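Added example (not part of the thread and not Snort code): a Python script that tallies the "S5: Pruned ... for memcap" syslog messages quoted above per Snort PID and prints a larger memcap value for the stream5_global preprocessor line in snort.conf. The function names and the doubling factor are assumptions made for illustration; the 32768 to 1073741824 byte range is the one the Snort manual documents for this option.

```python
import re
from collections import defaultdict

# Format of the Stream5 prune message as it appears in the post above.
PRUNE_RE = re.compile(
    r"snort\[(?P<pid>\d+)\]: S5: Pruned (?P<pruned>\d+) sessions from cache "
    r"for memcap\. (?P<remain>\d+) ssns remain\.\s+memcap: (?P<used>\d+)/(?P<cap>\d+)"
)

# Documented bounds of the stream5_global memcap option, in bytes.
MEMCAP_MIN, MEMCAP_MAX = 32768, 1073741824


def summarize(lines):
    """Aggregate memcap prune events per Snort process ID."""
    stats = defaultdict(lambda: {"events": 0, "pruned": 0, "peak_used": 0, "cap": 0})
    for line in lines:
        m = PRUNE_RE.search(line)
        if not m:
            continue  # not a memcap prune message
        s = stats[int(m["pid"])]
        s["events"] += 1
        s["pruned"] += int(m["pruned"])
        s["peak_used"] = max(s["peak_used"], int(m["used"]))
        s["cap"] = int(m["cap"])
    return dict(stats)


def suggest_memcap(cap, factor=2):
    """Assumed heuristic: multiply the current cap, clamped to the valid range."""
    return max(MEMCAP_MIN, min(cap * factor, MEMCAP_MAX))


# The two syslog lines quoted in the post, plus one constructed unrelated line.
SAMPLE = [
    "Sep 30 12:20:03 sniffer snort[11032]: S5: Pruned 5 sessions from cache for memcap. 4730 ssns remain. memcap: 8387674/8388608",
    "Sep 30 12:20:03 sniffer snort[11032]: S5: Pruned 5 sessions from cache for memcap. 4725 ssns remain. memcap: 8373093/8388608",
    "Sep 30 12:20:04 sniffer sshd[2211]: constructed line that must be ignored",
]

if __name__ == "__main__":
    for pid, s in summarize(SAMPLE).items():
        pct = 100.0 * s["peak_used"] / s["cap"]
        print(f"pid {pid}: {s['events']} prune events, {s['pruned']} sessions pruned, "
              f"peak {pct:.2f}% of memcap {s['cap']}")
        print(f"  snort.conf: add 'memcap {suggest_memcap(s['cap'])}' to "
              f"'preprocessor stream5_global'")
```

If prune messages continue at the new value, the sensor is still dropping sessions from the cache for lack of memory and the figure needs to go up again, within what the host can spare.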
Current thread:
- S5 prunes Peter Bates (Sep 30)
- Re: S5 prunes Joel Esler (Sep 30)
- Re: [Spam] Re: S5 prunes Lay, James (Sep 30)
- Re: S5 prunes Joel Esler (Sep 30)