Snort mailing list archives
Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows?
From: "Michael Steele" <michaels () winsnort com>
Date: Thu, 1 Nov 2012 09:45:05 -0400
Thanks, and looking forward to trying the new version. Michael... -----Original Message----- From: barnyard2-users () googlegroups com [mailto:barnyard2-users () googlegroups com] On Behalf Of beenph Sent: Thursday, November 01, 2012 9:24 AM To: barnyard2-users () googlegroups com; Michael Steele Cc: snort-devel Subject: Re: [barnyard2-users] Re: [Snort-devel] Offering a 64bit version of Snort for Windows? On Thu, Nov 1, 2012 at 8:17 AM, Michael Steele <michaels () winsnort com> wrote:
I'll give 2.1.11 a try when it's released. It looks like all I'll need to do is add 2048 to the CACHED_MAX_EVENT in the barnyard2.conf.
in 2-1.11 we defaulted the cache size to 2048, (previous default was 256) and the new config directive is called config event_cache_size or command line option --event-cache-size. So it would look like the following in barnyard2 config file: config event_cache_size: 2048 or ./barnyard2 --event-cache-size 2048 .... If you re-encounter the issue then you might need to grow the cache size.
The error that is printed will be a warning, and there is no actual
problem?
Do we need to worry about adjusting the CACHED_MAX_EVENT to anything other than 2048?
You can allways put a larger number, the only restriction/impact on the long run is the memory that the process will use but since this is not pre-allocated, you could allways safeguard your self with a larger value.
Sometimes there are a rapid succession (5-6) of those warnings multiple times.
It was related to the issue stated in the previous e-mail amd its addressed either by modifying the constant defined in spooler.c in 2-1.10 or using 2-1.11. -elz -- ------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel Please visit http://blog.snort.org for the latest news about Snort!
Current thread:
- Re: Offering a 64bit version of Snort for Windows?, (continued)
- Re: Offering a 64bit version of Snort for Windows? beenph (Oct 31)
- Re: Offering a 64bit version of Snort for Windows? Michael Steele (Oct 31)
- Re: Offering a 64bit version of Snort for Windows? beenph (Oct 31)
- Re: Offering a 64bit version of Snort for Windows? Michael Steele (Oct 31)
- Re: Offering a 64bit version of Snort for Windows? beenph (Oct 31)
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? Michael Steele (Oct 31)
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? beenph (Oct 31)
- Message not available
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? beenph (Nov 01)
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? Michael Steele (Nov 01)
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? beenph (Nov 01)
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? Michael Steele (Nov 01)
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? beenph (Nov 01)
- Re: [barnyard2-users] Re: Offering a 64bit version of Snort for Windows? Michael Steele (Nov 01)
- Re: Offering a 64bit version of Snort for Windows? Michael Steele (Oct 31)
- Re: Offering a 64bit version of Snort for Windows? beenph (Oct 31)