Snort mailing list archives

Re: Requirements to run SNORT

From: Chris Green <cmg () uab edu>
Date: Tue, 13 Nov 2001 09:33:38 -0600

"Gray . Brendan" <bgray2 () drc com> writes:

I have snort (1.8.1) running on a P166, 48 megs RAM, ISA 10Mbit NIC (3Com?)
and Red Hat 7.1.  We are a small office network with a Class C subnet.
Snort does ok, but when I run SnortSnarf to analyze the alert log, it can
cause my system to crash, due to insufficient memory.


Use ulimits to keep control over how much the snortsnarf process can
use.  The more often you rotate your snort logs, the less memory it
will use to produce reports.

I end up having to reboot once a week.  I've been keeping an eye out
for all Red Hat updates that come out, especially for the
kernel. (using 2.4.9-12 for now) If I have time someday, I may
contemplate moving down to Red Hat 7.0 and the earlier kernel,


I doubt that would really help.   Rotate more often is the only real
fix for your sitatution.

-- 
Chris Green <cmg () uab edu>
A watched process never cores.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Requirements to run SNORT Edwin Pua (Nov 13)
- Re: Requirements to run SNORT Thomas Novin (Nov 13)
- <Possible follow-ups>
- RE: Requirements to run SNORT Gray . Brendan (Nov 13)
  - Re: Requirements to run SNORT Chris Green (Nov 13)