Building Snort-3.0.0a2 system slowdown/resource exhaustion

[Bill Parker <wp02855 () gmail com>]

Hello All,

    Here is a potential problem when building Snort-3.0.0a2.  When
the following section of code is reached (using 'make -j 8 install)':

g++ -DHAVE_CONFIG_H   -I../../.. -I../../../tools/snort2lua
-I/usr/include/luajit-2.0 -std=c++11 -fvisibility=hidden -g
-O2 -pthread -MT kws_paths.o -MD -MP -MF .deps/kws_paths.Tpo
-c -o kws_paths.o kws_paths.cc
g++ -DHAVE_CONFIG_H   -I../../.. -I../../../tools/snort2lua
-I/usr/include/luajit-2.0 -std=c++11 -fvisibility=hidden -g
-O2 -pthread -MT kws_preprocessor.o -MD -MP -MF
.deps/kws_preprocessor.Tpo -c -o kws_preprocessor.o kws_preprocessor.cc

It is possible that if the system swap space can be exhausted
resulting in the operating system not being able to allocate
memory as seen below:

swap
-bash: fork: Cannot allocate memory
[bill@moocow ~]$ swap
-bash: fork: Cannot allocate memory

It would seem that perhaps 'make -j 8 install' could be a tad too
aggressive for building snort-3.0.0 on systems which are limited
in swap space?

FYI, using 'make -j 2 install' allows the above build to complete
properly...load average is approximately 2 while this is being done,
whereas with 'make -j 8 install', it was between 12-15, with swap
space being exhausted.

The system in question is Fedora 22 Server, in VirtualBox 5.0.2,
with 1GB of ram allocated and a 512MB swap file enabled at the
time the OS was installed from a ISO image...

Additionally, here is another error which was produced during
'make -j 2 install':

cp default_snort_manual.html snort_manual.html
make[2]: *** No rule to make target 'snort_manual.chunked.tgz', needed by
'all-am'.  Stop.
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory '/usr/local/src/snort-3.0.0-a2/doc'
Makefile:506: recipe for target 'install' failed
make[1]: *** [install] Error 2
make[1]: Leaving directory '/usr/local/src/snort-3.0.0-a2/doc'
Makefile:494: recipe for target 'install-recursive' failed
make: *** [install-recursive] Error 1

Here is the output from the snort binary in /usr/local/bin:

--------------------------------------------------
o")~   Snort++ 3.0.0-a2-163
--------------------------------------------------
--------------------------------------------------
pcap DAQ configured to passive.

Snort successfully validated the configuration.
o")~   Snort exiting

Any ideas :)

Here is an updated list of packages needed/required to build Snort
2.9.7.x/2.9.8 or Snort-3.0.0 (this should replace the section in
the README.txt document in the Snort-3.0.0 source tarball):

=======================================================================

Here are the packages you should have installed to build Snort3:

These packages can be found in RPM format or can be downloaded from
from the various URL's listed next to each package:

autoconf
automake
binutils
bison
cmake
cpp
daq - from http://www.snort.org for packet I/O
flex
gcc/gcc-c++/libgcc
glibc/glibc-common/glibc-devel/glibc-headers/glibc-utils
libdnet/libdnet-devel - from http://code.google.com/p/libdnet/ for network
utility functions
libluajit - from http://luajit.org for configuration and scripting
libpcap/libpcap-devel - from http://www.tcpdump.org for tcpdump style
logging
libstdc++/libstdc++-devel
libtool/libtool-ltdl
luajit/luajit-devel/luajit-debuginfo
m4
openssl/openssl-libs
pcre/pcre-devel - from http://www.pcre.org for regular expression pattern
matching
pkgconfig - from http://www.freedesktop.org to build the example plugins
zlib/zlib-devel - zlib from http://www.zlib.net for decompression

Bill

------------------------------------------------------------------------------

_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!