Snort mailing list archives
Re: Memory leak
From: "Sid" <s_i_d_j () yahoo com>
Date: Fri, 4 May 2001 06:07:12 +0530
Hmm ... My available memory is down to 550 MB after eight hours of running snort 1.7 ... me thinks its something other than Spade (i turned it off). Btw, i am still getting the same crashes with Snort 1.8beta4 (Build 15). Siddhartha ----- Original Message ----- From: "Martin Roesch" <roesch () sourcefire com> To: "Sid" <s_i_d_j () yahoo com> Cc: "Fyodor" <fygrave () tigerteam net>; <william.c.gercken () census gov>; "Erek Adams" <erek () theadamsfamily net>; <snort-users () lists sourceforge net>; <snort-users-admin () lists sourceforge net> Sent: Thursday, May 03, 2001 9:16 PM Subject: Re: [Snort-users] Memory leak
Turn off SPADE and see if it continues... -Marty Sid wrote:----snort.conf------- var INTERNAL [x.x.x.x/24,y.y.y.y/16] var EXTERNAL any var SMTP $INTERNAL var HTTP_SERVERS $INTERNAL var DNS_SERVERS [a.a.a.a/32,b.b.b.b/32] preprocessor minfrag: 256 preprocessor defrag preprocessor stream: timeout 10, ports 21 23 80, maxbytes 16384 preprocessor http_decode: 80 preprocessor portscan: $INTERNAL 4 3 portscan.log preprocessor portscan-ignorehosts: $DNS_SERVERS var SPADEDIR /usr/local/snort/spade preprocessor spade: 10.5 $SPADEDIR/spade.rcv $SPADEDIR/log.txt 3 50000 preprocessor spade-homenet: 202.87.0.0/16 preprocessor spade-threshlearn: 200 24 preprocessor spade-survey: $SPADEDIR/survey.txt 60 preprocessor spade-stats: entropy uncondprob condprob output database: alert, mysql, user=root password=xxxx dbname=snort host=localhost output alert_full: alert ------------------------------------------------------------- cmdline switches :- ----------------------- /usr/local/snort/bin/snort -D -d -C -i hme1 -c /usr/local/snort/conf/snort.conf -l /usr/local/snort/log/snort ----------------------- Siddhartha ----- Original Message ----- From: "Fyodor" <fygrave () tigerteam net> To: "Sid" <s_i_d_j () yahoo com> Cc: "Martin Roesch" <roesch () sourcefire com>;
<william.c.gercken () census gov>;
"Erek Adams" <erek () theadamsfamily net>;
<snort-users () lists sourceforge net>;
<snort-users-admin () lists sourceforge net> Sent: Thursday, May 03, 2001 9:05 PM Subject: Re: [Snort-users] Memory leakOn Thu, May 03, 2001 at 08:43:32PM +0530, Sid wrote:No guys!!! This is Snort 1.7. On Solaris 2.6/UltraSparc-II (Dual, 1
GB
RAM).can we see your snort.conf and cmdline switches if possible? :)_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org
_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Memory leak Siddhartha Jain (May 02)
- Re: Memory leak Erek Adams (May 03)
- Re: Memory leak Martin Roesch (May 03)
- <Possible follow-ups>
- Re: Memory leak william . c . gercken (May 03)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak Sid (May 03)
- Re: Memory leak Fyodor (May 03)
- Re: Memory leak Sid (May 03)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak Sid (May 03)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak Sid (May 04)
- Re: Memory leak Martin Roesch (Jun 02)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak Erek Adams (May 03)