Re: Question

["Gibson, Nathan J. (HSC)" <Nathan-Gibson () ouhsc edu>]

Mem:  12462404k total,   470188k used, 11992216k free,     1056k 


It shows I have 12GB 
-----Original Message-----
From: Martin Holste [mailto:mcholste () gmail com] 
Sent: Monday, July 18, 2011 12:10 PM
To: Gibson, Nathan J. (HSC)
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Question

That error message indicates the box doesn't have enough RAM for PF_RING to allocate its memory.  Are you sure you're 
not low in RAM for the box?  That might also be a product of using PCAP_MEMORY=6120.
Try removing the environment variables as they shouldn't be needed anyway when using PF_RING (as the modprobe.conf 
settings control it).

On Mon, Jul 18, 2011 at 9:42 AM, Gibson, Nathan J. (HSC) <Nathan-Gibson () ouhsc edu> wrote:
> I have been running snort for over a year now. Nothing has changed in 
> my configuration (except new rules). I have been running the same rule 
> categories for a year. All of the sudden (about a month ago) snort 
> started randomly stopping with no apparent errors in the logs. The 
> only error I get is when I try to restart snort I get the following error.
>
>
>
> 7/18/2011 9:33 AM :   snort[7491]: FATAL ERROR: Can't start DAQ (-1) - 
> can't mmap rx ring: Cannot allocate memory!
>
>
>
>
>
> As I said the only variable I have are the actual rules that are 
> updated from ET and Sourcefire. Could a rule be causing this?
>
>
>
> Here are the stats on my snort config:
>
>
>
>
>
>    ,,_     -*> Snort! <*-
>
>   o"  )~   Version 2.9.0.5 IPv6 GRE (Build 135)
>
>    ''''    By Martin Roesch & The Snort Team:
> http://www.snort.org/snort/snort-team
>
>            Copyright (C) 1998-2011 Sourcefire, Inc., et al.
>
>            Using libpcap version 1.1.1
>
>            Using PCRE version: 6.6 06-Feb-2006
>
>            Using ZLIB version: 1.2.3
>
>
>
>
>
> PCAP_MEMORY=6120 PCAP_FRAMES=65535 /usr/local/bin/snort -c 
> /etc/snort/snort.conf -i eth1 -D
>
>
>
>
>
> top - 09:41:21 up 2 days, 24 min,  1 user,  load average: 0.14, 0.24, 
> 0.22
>
> Tasks: 383 total,   1 running, 382 sleeping,   0 stopped,   0 zombie
>
> Cpu(s):  0.2%us,  0.1%sy,  0.0%ni, 99.6%id,  0.0%wa,  0.0%hi,  0.0%si, 
> 0.0%st
>
> Mem:  12462404k total,   470188k used, 11992216k free,     1056k 
> buffers
>
> Swap:  1020116k total,        0k used,  1020116k free,   260968k 
> cached
>
> ----------------------------------------------------------------------
> -------- AppSumo Presents a FREE Video for the SourceForge Community 
> by Eric Ries, the creator of the Lean Startup Methodology on "Lean 
> Startup Secrets Revealed." This video shows you how to validate your 
> ideas, optimize your ideas and identify your business strategy.
> http://p.sf.net/sfu/appsumosfdev2dev
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please see http://www.snort.org/docs for documentation

------------------------------------------------------------------------------
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide.  Store less, Store more with what you own, Move data to 
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please see http://www.snort.org/docs for documentation