Snort mailing list archives
Re: Memory leak
From: Michel van Osenbruggen <michel () bit nl>
Date: Tue, 24 Jul 2001 08:44:57 +0200
Hi, The memory leak seems to come from the preprocessor stream2. If that is active leaking goes very fast. With this disabled I still have some leackage, but not that bad. It is enough though to make snort stop once in a while. These are the other preprocessors I got running: preprocessor defrag preprocessor http_decode: 80 -unicode -cginull preprocessor rpc_decode: 111 preprocessor bo: -nobrute preprocessor telnet_decode preprocessor portscan: $INTERNAL 5 5 /var/log/snort/portscan.log preprocessor portscan-ignorehosts: $DNS_SERVERS preprocessor arpspoof Yours sincerely, Michel van Osenbruggen Martin Roesch wrote:
Hi Michel, Can you tell us which preprocessors and output plugins you have loaded? Those are the stateful elements of Snort, so if there's a leak it's likely in one of those. -Marty Michel van Osenbruggen wrote:Hi, It seems like snort 1.8 is leaking memory. Has anyone the same experience ? I use snort with PostgreSQL logging by the way. Michel van Osenbruggen _______________________________________________ Snort-users mailing list
Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Martin Roesch roesch () sourcefire com http://www.sourcefire.com - http://www.snort.org
-- __________________ Met vriendelijke groet, /\ ___/ Michel van Osenbruggen /- \ _/ Business Internet Trends BV MO1842-RIPE /--- \/ __________________ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Memory leak Michel van Osenbruggen (Jul 22)
- Message not available
- Re: Memory leak Michel van Osenbruggen (Jul 24)
- Message not available