Snort mailing list archives

Re: Snort and memory

From: John Sage <jsage () finchhaven com>
Date: Wed, 22 Aug 2001 07:27:51 -0700

Martin Roesch wrote:

What output options are you using?

Just to follow through, so maybe we can get a little more out of all ofthis:


For my Pentium 150/96mb/snort 1.8.1-beta4/ppp connection box:

# ----------------------------------
# Use one or more syslog facilities as arguments
#
output alert_syslog: LOG_DAEMON LOG_ALERT

# ----------------------------------
# output alert_full
output alert_full: /var/log/snort/alert.full

#
# Include classification & priority settings
#

include classification.config


Command line:

snort18 -b -i ppp0 -c /usr/local/snort-1.8.1-beta4/snort18.conf &


This was from top:

CPU states: 18.6% user,  4.9% system,  0.0% nice, 76.3% idle

Mem: 95516K av, 91872K used, 3644K free, 132804K shrd, 34620KbuffSwap: 52376K av, 10068K used, 42308K free 28380Kcached

:
30094 toot       0   0  1220 1220   740 S       0  0.0  1.2   0:00 snort18


- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage () finchhaven com
"The web is so, like, five minutes ago..."


Marcin Zurakowski wrote:

I've run snort on local network(ethernet - 10Mb/s and 2Mb/s gateway to
internet). When I run 'top' I get:

---------------------------------------------------------------------
CPU states: 15.6% user,  3.3% system,  0.0% nice, 80.9% idle
Mem:   160824K av,  158496K used,    2328K free,   27992K shrd,    3944K
buff
Swap:  128516K av,   59144K used,   69372K free                    9708K
cached

 PID USER     PRI  NI  SIZE  RSS SHARE STAT  LIB %CPU %MEM   TIME COMMAND
28156 snort     19   0  170M 113M   968 R       0 16.6 72.4 264:03 snort
31665 root       4   0   868  868   672 R       0  1.9  0.5   0:26 top
-----------------------------------------------------------------------

Is it normal that snort consumed 170MB memory??????????

Configuration:
- Pentium MMX 166MHz
- 160MB memory
- 128 MB swap
- network adapter: 3COM 905C
- RH 6.0, kernel 2.2.19 with openwall patch
- snort 1.8.1-RELEASE
- standart configuration from whitehats, internal network: class C

--

Marcin Zurakowski

InterFirma Administrator




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort and memory Marcin Zurakowski (Aug 22)
- Re: Snort and memory John Sage (Aug 22)
- Re: Snort and memory Martin Roesch (Aug 22)
  - Re: Snort and memory Marcin Zurakowski (Aug 22)
    - Re: Snort and memory Martin Roesch (Aug 22)
    - Re: Snort and memory Scott Nursten (Aug 28)
    - Re: Snort and memory Martin Roesch (Aug 28)
  - Re: Snort and memory John Sage (Aug 22)
- <Possible follow-ups>
- RE: Snort and memory Mayers, Philip J (Aug 29)