Snort mailing list archives
Re: memory leak in Snort 1.8.7?
From: "Matthew Harrell" <mhar () plex com>
Date: Fri, 4 Oct 2002 08:39:58 -0400
I was using the "vision18.conf" file from the ArachNIDS database, and it was using some old preprocessors (stream2 and defrag). I read the Snort manual, and set up the preprocessors how I wanted them, using up-to-date preprocessors, and the memory leak (at least, the rapid one) is gone. I searched the mailing list archives, too, and it sounds like the old stream2 preprocessor is what was causing my memory leak. Thanks for the reply. ----------------- Matt Harrell Plexus Systems mhar () plex com ----- On 10/3/2002 5:46 PM, Ben Feinstein <me () benfeinstein net> wrote:
What output plugin(s) are you using? From my experience, the postgresql db output leaks memory pretty badly... On Thu, 3 Oct 2002, Matthew Harrell wrote: Here's my setup: I'm running Mandrake Linux 9.0 on a Pentium 200 with 64 MB RAM. I'm running snort-1.8.7-3mdk.rpm. A little while ago, I changed two things.
I
upgraded from Mandrake Linux 9.0beta2 to 9.0, and I changed the switch
port
that this box is on so that it hears traffic on all of the ports on that switch. Since then, obviously, I've seen greatly increased scans in Snort (about 1 to 2 unique IP numbers an hour, but it varies). Before these two things were changed, Snort ran just fine, not using up a significant amount of memory. Now, Snort gradually consumes all spare RAM and VRAM (which is set at 256 MB). It seems to take about 24 hours for it to use up all the swap space. The system gets gradually slower and slower until it's just about unusable. Now, is this a memory leak, or is Snort just going to need a HUGE amount
of
RAM due to the increased traffic it sees? ----------------- Matt Harrell Plexus Systems mhar () plex com ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- memory leak in Snort 1.8.7? Matthew Harrell (Oct 03)
- Re: memory leak in Snort 1.8.7? Ben Feinstein (Oct 03)
- <Possible follow-ups>
- Re: memory leak in Snort 1.8.7? Matthew Harrell (Oct 03)
- Re: memory leak in Snort 1.8.7? Matthew Harrell (Oct 04)