Snort mailing list archives
Re: Memory leak
From: Martin Roesch <roesch () sourcefire com>
Date: Sat, 02 Jun 2001 23:19:11 -0400
Theoretically, you should be able to drop the updated code from the 1.8
preprocessors into 1.7, recompile and run. That's not a 100% guarantee,
but it's possible. At the very least you should be able to put the
updated stream2 code into 1.7 and it should work...
-Marty
Sid wrote:
Hi, Yup, things are better after turning off defrag and Spade. But are these fixed somewhere or do i have to wait for 1.8 to roll out? Siddhartha ----- Original Message ----- From: "Martin Roesch" <roesch () sourcefire com> To: "Sid" <s_i_d_j () yahoo com> Cc: "Fyodor" <fygrave () tigerteam net>; <william.c.gercken () census gov>; "Erek Adams" <erek () theadamsfamily net>; <snort-users () lists sourceforge net>; <snort-users-admin () lists sourceforge net> Sent: Friday, May 04, 2001 9:06 AM Subject: Re: [Snort-users] Memory leakOk, try turning off the defrag plugin too and tell us how it goes.... -Marty Sid wrote:Hmm ... My available memory is down to 550 MB after eight hours ofrunningsnort 1.7 ... me thinks its something other than Spade (i turned itoff).Btw, i am still getting the same crashes with Snort 1.8beta4 (Build 15). Siddhartha ----- Original Message ----- From: "Martin Roesch" <roesch () sourcefire com> To: "Sid" <s_i_d_j () yahoo com> Cc: "Fyodor" <fygrave () tigerteam net>; <william.c.gercken () census gov>;"ErekAdams" <erek () theadamsfamily net>; <snort-users () lists sourceforge net>; <snort-users-admin () lists sourceforge net> Sent: Thursday, May 03, 2001 9:16 PM Subject: Re: [Snort-users] Memory leakTurn off SPADE and see if it continues... -Marty Sid wrote:----snort.conf------- var INTERNAL [x.x.x.x/24,y.y.y.y/16] var EXTERNAL any var SMTP $INTERNAL var HTTP_SERVERS $INTERNAL var DNS_SERVERS [a.a.a.a/32,b.b.b.b/32] preprocessor minfrag: 256 preprocessor defrag preprocessor stream: timeout 10, ports 21 23 80, maxbytes 16384 preprocessor http_decode: 80 preprocessor portscan: $INTERNAL 4 3 portscan.log preprocessor portscan-ignorehosts: $DNS_SERVERS var SPADEDIR /usr/local/snort/spade preprocessor spade: 10.5 $SPADEDIR/spade.rcv $SPADEDIR/log.txt 350000preprocessor spade-homenet: 202.87.0.0/16 preprocessor spade-threshlearn: 200 24 preprocessor spade-survey: $SPADEDIR/survey.txt 60 preprocessor spade-stats: entropy uncondprob condprob output database: alert, mysql, user=root password=xxxx dbname=snort host=localhost output alert_full: alert ------------------------------------------------------------- cmdline switches :- ----------------------- /usr/local/snort/bin/snort -D -d -C -i hme1 -c /usr/local/snort/conf/snort.conf -l /usr/local/snort/log/snort ----------------------- Siddhartha ----- Original Message ----- From: "Fyodor" <fygrave () tigerteam net> To: "Sid" <s_i_d_j () yahoo com> Cc: "Martin Roesch" <roesch () sourcefire com>;<william.c.gercken () census gov>;"Erek Adams" <erek () theadamsfamily net>;<snort-users () lists sourceforge net>;<snort-users-admin () lists sourceforge net> Sent: Thursday, May 03, 2001 9:05 PM Subject: Re: [Snort-users] Memory leakOn Thu, May 03, 2001 at 08:43:32PM +0530, Sid wrote:No guys!!! This is Snort 1.7. On Solaris 2.6/UltraSparc-II(Dual, 1GBRAM).can we see your snort.conf and cmdline switches if possible? :)_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org_________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: Memory leak, (continued)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak william . c . gercken (May 03)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak Sid (May 03)
- Re: Memory leak Fyodor (May 03)
- Re: Memory leak Sid (May 03)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak Sid (May 03)
- Re: Memory leak Martin Roesch (May 03)
- Re: Memory leak Sid (May 04)
- Re: Memory leak Martin Roesch (Jun 02)
- Re: Memory leak Martin Roesch (May 03)