Snort mailing list archives
Re: Snort 2.9.1 memory usage
From: Joel Esler <jesler () sourcefire com>
Date: Tue, 31 Jan 2012 11:30:16 -0500
It's not surprising that memory usage has went up. There are a lot more features in Snort now that have been added in the past in the past two years. Namely of which is PAF. http://blog.snort.org/2011/09/what-is-paf.html -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Jan 31, 2012, at 11:22 AM, Sudarshan Raghavan <sudarshan.t.raghavan () gmail com> wrote:
I tried sending the configuration file but it looks like that email bounced. Are there any specific parts of the configuration that you would like to look at? Regards, Sudarshan On 31-Jan-2012 7:33 PM, "Sudarshan Raghavan" <sudarshan.t.raghavan () gmail com> wrote: Yes, I did. I can post the configuration file here if that would help. Regards, Sudarshan On 31-Jan-2012 7:23 PM, "Joel Esler" <jesler () sourcefire com> wrote: Did you modify your configuration file during the upgrade? -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Jan 31, 2012, at 5:07 AM, Sudarshan Raghavan <sudarshan.t.raghavan () gmail com> wrote:Please let me know if you need more information. I have also tried running snort 2.9.1.2 with the set of rules used with snort 2.8.5 and can still see that memory usage is quite high. Can something be done when snort is being built to fix this? We need to run snort on machines that have only 1G of RAM and the current memory usage is too high for it. Regards, Sudarshan On Tue, Jan 31, 2012 at 1:11 PM, Sudarshan Raghavan <sudarshan.t.raghavan () gmail com> wrote:Here is a better version of the question. Version of Snort: Version 2.9.1.2 IPv6 GRE (Build 84) libpcap: 0.8.3, pcre: 7.0 18-Dec-2006, zlib: 1.2.3 Linux Kernel: 2.6.37.3 (32 bit) The problem seen is that the new version of snort uses upwards of 512M of memory when it starts. This is even before any traffic is being sent through it. 3806 root 30 10 562m 132m 2060 S 0 3.3 0:05.91 snort The 2.8.5 snort version that we had was using less than 50M of virtual memory when it starts. I have tried bnfa-nq and lowmem-nq without any luck. I have tried to start the new snort with just the 1 rule file with about 10 rules in it without any big improvement. In the last case memory usage did go down but was still greater than 450M. Is this the expected behaviour with snort 2.9? Regards, Sudarshan On Mon, Jan 30, 2012 at 7:30 PM, Sudarshan Raghavan <sudarshan.t.raghavan () gmail com> wrote:We are upgrading our snort version from 2.8.5 to 2.9.1 and it looks like memory usage has gone up by an order of 10. I am currently debugging and wanted to check if there is something obvious that I am missing. We have IPv6 turned on. Please let me know if you need more information. Regards, Sudarshan------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
- Message not available
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Message not available
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Joel Esler (Jan 31)
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Russ Combs (Jan 31)
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)
- Re: Snort 2.9.1 memory usage Sudarshan Raghavan (Jan 31)