Snort mailing list archives
RE: [Snort-devel] SNORT has memory leak on Linux Red hat 9
From: "Kumar, Manoj" <kumarm () netscout com>
Date: Wed, 25 Feb 2004 18:09:03 -0500
Ian, Thanks for your reply Yes,exactly this is what very odd is that even I kill the SNORT process,memory are not getting released. This is really strange. But,this is what exactly happening. I have 4 GB of physical memory. I stopped all the process and waited for 3-4 hours.It remains at 345MB. As soon as I start the snort process,it starts climbing and other thing is that it climbes very fast. Within 2-3 hours, it eats up 95% of the memory. It goes upto 3.5 GB. When I kill it,I thought it will release the memory,but it's not. Again,this is happening on Red hat 9 and also on application service 2.4.9 Linux. Manoj -----Original Message----- From: Ian Macdonald [mailto:ism () iwasdot com] Sent: Wednesday, February 25, 2004 6:06 PM To: Kumar, Manoj Cc: Jeremy Hewlett; snort-users () lists sourceforge net; snort-devel () lists sourceforge net; snort-announce () lists sourceforge net Subject: Re: [Snort-devel] SNORT has memory leak on Linux Red hat 9 The first thing that seems odd is that the memory doesn't free up after killing the process. Normally all memory would be released on application termination. When you say memory doesn't free what item are you looking at? One thing you might want to do is try killing other applications to see if they are the ones that are stealing the memory. You may even want to remove the loaded modules one by one incase the memory leak is in the network driver module. The only other thing of the top of my head is that machine is swapping so much that it takes time for the OS to swap out the memory from disk to allow it to be released? Have you tried it on a different OS or Kernel?
Hello everybody, I am running SNORT ver 2.1.0 to capture data from my giga bit network on RedHat Linux 9 where SNORT is capturing 100MB of data per minute (Lots of data). Problem is that memory usage keeps going as long as SNORT is running. WORST thing is that even if you kill the SNORT process, it doesn't release the memory. Memory usage remains as it is. Would you guys please help me out? Why SNORT is behaving like this and anybody has noticed this problem? Thanks Manoj -----Original Message----- From: Jeremy Hewlett [ mailto:jh () sourcefire com] Sent: Wednesday, February 25, 2004 4:41 PM To: snort-users () lists sourceforge net Cc: snort-devel () lists sourceforge net; snort-announce () lists sourceforge net Subject: [Snort-devel] Snort 2.1.1 final is available! Greetings! Snort 2.1.1 is now available - Thanks everyone who installed RC1 and tried it out! The differences between RC1 and final are minor, and include: * Documentation updates and fixes by JP Vossen, Felipe Franciosi, and Drew Smith * Compiles on Tru64 now - thanks Hari Gopal and Darryl Cook. * libintsnort.a is no longer included in compile routine (this is the Solaris "ar" problem some people have had) * Snort templates have been updated * Fixed issue with CSV not displaying its output correctly - thanks Bill Guyton and Alan Milligan for your fixes. * Fixed Flow-Portscan alert-mode bug where only one alert would get generated. Thanks Kevin Amorin for pointing out the problem and testing the fix. * Minor Makefile fix for "unexpected end of line" at the verstuff.pl line when not using GNU "make" on Solaris - Thanks for the report, Chad Kreimendahl. * Removed escaping of '%' and '_' characters in MySQL (thanks Kristofer Karas). For further info on changes, please review the ChangeLog and RELEASE.NOTES, which can be found in the parent directory of the snort source. Happy Snorting, The Snort Team ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356 <http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click> &alloc_id=3438&op=click _______________________________________________ Snort-devel mailing list Snort-devel () lists sourceforge net https://lists.sourceforge.net/lists/listinfo/snort-devel
------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id56&alloc_id438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: [Snort-devel] SNORT has memory leak on Linux Red hat 9 Kumar, Manoj (Feb 25)
- <Possible follow-ups>
- RE: [Snort-devel] SNORT has memory leak on Linux Red hat 9 Kumar, Manoj (Feb 27)