Snort mailing list archives

Previous By Date Next
Previous By Thread Next

S5 and memcap default setting

From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Wed, 14 Sep 2011 15:41:47 +0000
Upgraded to Snort 2.9.1 finally and having some weird issues where it
seems to randomly die. Logging data shows a lot of Stream5 sessions
getting pruned for memcap. Not sure if this is the issue or not, but
at least this is getting rid of the huge amount of info logging that
was occurring in /var/log/messages:


From snort.conf:

---SNIP---
preprocessor stream5_global:
...
memcap 33554432
---SNIP---

I just quadrupled the default 8MB to 32MB, now that the Stream5
preproc is actively tracking more than the old conf setting of 8192
sessions to 262,144 I figured that may be a good start? Could be
something to add to the VRT conf and/or up the default in the code to?
Not sure if it will solve the randomly dying problem but I've left
instances screened and not forked so hopefully if it happens again I
can give you guys something more solid to go on.

-- Eoin

------------------------------------------------------------------------------
BlackBerry&reg; DevCon Americas, Oct. 18-20, San Francisco, CA
Learn about the latest advances in developing for the 
BlackBerry&reg; mobile platform with sessions, labs & more.
See new tools and technologies. Register for BlackBerry&reg; DevCon today!
http://p.sf.net/sfu/rim-devcon-copy1 
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
Previous By Date Next
Previous By Thread Next

Current thread: