Re: Snort 2.9.1 memory usage

[Joel Esler <jesler () sourcefire com>]

Did you modify your configuration file during the upgrade?

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Jan 31, 2012, at 5:07 AM, Sudarshan Raghavan <sudarshan.t.raghavan () gmail com> wrote:

> Please let me know if you need more information. I have also tried
> running snort 2.9.1.2 with the set of rules used with snort 2.8.5 and
> can still see that memory usage is quite high. Can something be done
> when snort is being built to fix this? We need to run snort on
> machines that have only 1G of RAM and the current memory usage is too
> high for it.
>
> Regards,
> Sudarshan
>
> On Tue, Jan 31, 2012 at 1:11 PM, Sudarshan Raghavan
> <sudarshan.t.raghavan () gmail com> wrote:
> > Here is a better version of the question.
> >
> > Version of Snort: Version 2.9.1.2 IPv6 GRE (Build 84) libpcap: 0.8.3,
> > pcre: 7.0 18-Dec-2006, zlib: 1.2.3
> > Linux Kernel: 2.6.37.3 (32 bit)
> >
> > The problem seen is that the new version of snort uses upwards of 512M
> > of memory when it starts. This is even before any traffic is being
> > sent through it.
> >
> > 3806 root      30  10  562m 132m 2060 S    0  3.3   0:05.91 snort
> >
> > The 2.8.5 snort version that we had was using less than 50M of virtual
> > memory when it starts. I have tried bnfa-nq and lowmem-nq without any
> > luck. I have tried to start the new snort with just the 1 rule file
> > with about 10 rules in it without any big improvement. In the last
> > case memory usage did go down but was still greater than 450M. Is this
> > the expected behaviour with snort 2.9?
> >
> > Regards,
> > Sudarshan
> >
> > On Mon, Jan 30, 2012 at 7:30 PM, Sudarshan Raghavan
> > <sudarshan.t.raghavan () gmail com> wrote:
> > > We are upgrading our snort version from 2.8.5 to 2.9.1 and it looks like
> > > memory usage has gone up by an order of 10. I am currently debugging and
> > > wanted to check if there is something obvious that I am missing. We have
> > > IPv6 turned on. Please let me know if you need more information.
> > >
> > > Regards,
> > > Sudarshan
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!