Snort mailing list archives
Re: Requirements to run SNORT
From: Chris Green <cmg () uab edu>
Date: Tue, 13 Nov 2001 09:33:38 -0600
"Gray . Brendan" <bgray2 () drc com> writes:
I have snort (1.8.1) running on a P166, 48 megs RAM, ISA 10Mbit NIC (3Com?) and Red Hat 7.1. We are a small office network with a Class C subnet. Snort does ok, but when I run SnortSnarf to analyze the alert log, it can cause my system to crash, due to insufficient memory.
Use ulimits to keep control over how much the snortsnarf process can use. The more often you rotate your snort logs, the less memory it will use to produce reports.
I end up having to reboot once a week. I've been keeping an eye out for all Red Hat updates that come out, especially for the kernel. (using 2.4.9-12 for now) If I have time someday, I may contemplate moving down to Red Hat 7.0 and the earlier kernel,
I doubt that would really help. Rotate more often is the only real fix for your sitatution. -- Chris Green <cmg () uab edu> A watched process never cores. _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Requirements to run SNORT Edwin Pua (Nov 13)
- Re: Requirements to run SNORT Thomas Novin (Nov 13)
- <Possible follow-ups>
- RE: Requirements to run SNORT Gray . Brendan (Nov 13)
- Re: Requirements to run SNORT Chris Green (Nov 13)