Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: [Snort-devel] SNORT has memory leak on Linux Red hat 9

From: "Kumar, Manoj" <kumarm () netscout com>
Date: Fri, 27 Feb 2004 11:21:09 -0500
Guys,
Thanks for your reply. It seems to be a problem with Linux OS. We sent the same issue to Linux users mailing list and 
we got back the reply that 
"I regularly see people, on this 
list and on others, misinterpret memory-usage reports to infer the presence 
of memory leaks where none exist. For example, if you are using "free" to 
check memory use, you should be using the second line of its output, not 
its first. And if you are using "top" ... don't; use "free" instead. As 
reported by "top" or the first line of "free", memory usage on any Linux 
system will always increase until almost 100% of real (not swap) memory is 
"in use" ... but that's just kernel buffering at work, not a real tying up 
of RAM, and does not indicate a system or application problem."

So,basically,it's a normal behaviour for Linux to consume all the physical memory.It has nothing to do with SNORT.

So,it seems our SNORT is behaving as it should :)

Manoj

-----Original Message-----
From: Ian Macdonald [mailto:ism () iwasdot com]
Sent: Wednesday, February 25, 2004 6:06 PM
To: Kumar, Manoj
Cc: Jeremy Hewlett; snort-users () lists sourceforge net;
snort-devel () lists sourceforge net; snort-announce () lists sourceforge net
Subject: Re: [Snort-devel] SNORT has memory leak on Linux Red hat 9


The first thing that seems odd is that the memory doesn't free up after
killing the process. Normally all memory would be released on application
termination. When you say memory doesn't free what item are you looking
at?
One thing you might want to do is try killing other applications to see if
they are the ones that are stealing the memory. You may even want to
remove the loaded modules one by one incase the memory leak is in the
network driver module.
The only other thing of the top of my head is that machine is swapping so
much that it takes time for the OS to swap out the memory from disk to
allow it to be released?
Have you tried it on a different OS or Kernel?


Hello everybody,
I am running SNORT ver 2.1.0 to capture data from my giga bit network on
RedHat Linux 9 where SNORT is capturing 100MB of data per minute (Lots of
data). Problem is that memory usage keeps going as long as SNORT is
running.
WORST thing is that even if you kill the SNORT process, it doesn't release
the memory. Memory usage remains as it is.
Would you guys please help me out? Why SNORT is behaving like this and
anybody has noticed this problem?

Thanks
Manoj


-----Original Message-----
From: Jeremy Hewlett [ mailto:jh () sourcefire com]
Sent: Wednesday, February 25, 2004 4:41 PM
To: snort-users () lists sourceforge net
Cc: snort-devel () lists sourceforge net;
snort-announce () lists sourceforge net
Subject: [Snort-devel] Snort 2.1.1 final is available!


Greetings!

Snort 2.1.1 is now available - Thanks everyone who installed RC1 and
tried it out! The differences between RC1 and final are minor, and
include:

* Documentation updates and fixes by JP Vossen, Felipe Franciosi, and
  Drew Smith
* Compiles on Tru64 now - thanks Hari Gopal and Darryl Cook.
* libintsnort.a is no longer included in compile routine (this is the
  Solaris "ar" problem some people have had)
* Snort templates have been updated
* Fixed issue with CSV not displaying its output correctly - thanks
  Bill Guyton and Alan Milligan for your fixes.
* Fixed Flow-Portscan alert-mode bug where only one alert would get
  generated.  Thanks Kevin Amorin for pointing out the problem and
  testing the fix.
* Minor Makefile fix for "unexpected end of line" at the verstuff.pl
  line when not using GNU "make" on Solaris - Thanks for the report,
  Chad Kreimendahl.
* Removed escaping of '%' and '_' characters in MySQL (thanks
  Kristofer Karas).

For further info on changes, please review the ChangeLog and
RELEASE.NOTES, which can be found in the parent directory of the snort
source.

Happy Snorting,
The Snort Team



-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id=1356
<http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click>
&alloc_id=3438&op=click
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel







-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=ick
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel


-------------------------------------------------------
SF.Net is sponsored by: Speed Start Your Linux Apps Now.
Build and deploy apps & Web services for Linux with
a free DVD software kit from IBM. Click Now!
http://ads.osdn.com/?ad_id56&alloc_id438&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: