Re: not yet:: Re: freebsd/snort 2.9.0.3 daq: how do I verify it is using the ram?

[Michael Altizer <xiche () verizon net>]

On 01/30/2011 05:28 PM, Michael Scheidell wrote:
> On 1/30/11 3:49 PM, Michael Altizer wrote:
> > You will have to change the default net.bpf.maxbufsize like Frank 
> > said to be at least as large as what you entered or it will fall back 
> > on the maximum allowed (my FreeBSD install defaulted to 512k).
> patch applied, daq 0.5_1:
> still not convinced: but onto seeing what happens with -daq ipfw now.. 
> just because I am a sick individual and crave self abuse.
Side note:  On FreeBSD 8.1, I can pretty clearly see the VSZ increase by 
the desired amount with the buffer_size specification (and the patch 
applied).  Desired buffer sizes of 512k and 10mb.

USER   PID %CPU %MEM   VSZ   RSS  TT  STAT STARTED      TIME COMMAND
root 95062  0.0  1.0 28548  9856   0  S     5:41PM   0:00.07  snort 
--daq pcap --daq-var buffer_size=524288
root 95065  0.0  1.0 38788  9856   0  S     5:42PM   0:00.08  snort 
--daq pcap --daq-var buffer_size=10485760

# sysctl net.bpf
net.bpf.zerocopy_enable: 0
net.bpf.maxinsns: 512
net.bpf.maxbufsize: 10485760
net.bpf.bufsize: 4096

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users