Snort mailing list archives

Re: /var/log/messages filling up


From: test engineer <test12524 () gmail com>
Date: Mon, 18 May 2015 11:09:20 -0400

Cynthia,

Thank you for your response.  I'm currently configured as such:

OS:  CentOS 6.5 minimal install
Snort: 2.9.6.2
snort.conf:
  stream5-global:  memcap 1073741824  (maximum 1GB)
                   prune_log_max 0  (thought this would disable these messages but it didn't)

  stream5-tcp:  max_queued_bytes 0  (unlimited)
                max_queued_segs 0  (unlimited)

This seems to have helped slightly, but it is still pruning sessions due to memcap.

I see SNORT 2.9.7.2 is now available.  Is it worth the time to rebuild?

Thanks again!


On Mon, May 18, 2015 at 6:22 AM, Cynthia Leonard (cyleonar) <cyleonar () cisco com> wrote:

Usually once the memcap reaches a certain limit, the sessions get pruned
to free some memory. This message gets printed when x number of sessions are
pruned, and sometimes it can quickly fill /var/log/messages.

This issue has been addressed in the upcoming version of snort 2.9.x.



Regards

Cynthia

*From:* test engineer [mailto:test12524 () gmail com]
*Sent:* Wednesday, May 13, 2015 12:45 AM
*To:* snort-users () lists sourceforge net
*Subject:* [Snort-users] /var/log/messages filling up



Constant streaming of:

snort[2546]: S5: Pruned 10 sessions from cache for memcap. 1689 ssns remain.  memcap: 8376897/8388608

in the messages file.  Not sure what is causing it.  Suggestions?

Thank you!
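
An added example, not part of the original thread or of Snort itself: the prune message quoted above reports a cap of 8388608 bytes, while the later reply sets memcap to 1073741824, so this sketch parses those messages per Snort process and flags any process whose reported cap differs from the configured one. The message format is taken from the line quoted in the thread; the syslog timestamps, the hostname, PID 3101 and all values after the first sample line are constructed, and `summarize_prunes` is a hypothetical helper name.

```python
import re

# Format of the prune message as quoted in this thread; any syslog
# prefix before "snort[" is ignored by using search().
PRUNE_RE = re.compile(
    r"snort\[(?P<pid>\d+)\]: S5: Pruned (?P<pruned>\d+) sessions from cache "
    r"for memcap\. (?P<remain>\d+) ssns remain\.\s+memcap: (?P<used>\d+)/(?P<cap>\d+)"
)

def summarize_prunes(lines, configured_memcap=None):
    """Return per-PID prune statistics and whether the cap matches snort.conf."""
    stats = {}
    for line in lines:
        m = PRUNE_RE.search(line)
        if m is None:
            continue  # not a Stream5 prune message
        pid, used, cap = int(m["pid"]), int(m["used"]), int(m["cap"])
        s = stats.setdefault(pid, {"messages": 0, "sessions_pruned": 0,
                                   "effective_memcap": cap, "peak_fill": 0.0})
        s["messages"] += 1
        s["sessions_pruned"] += int(m["pruned"])
        s["effective_memcap"] = cap  # the last value reported by this process
        if cap:
            s["peak_fill"] = max(s["peak_fill"], used / cap)
    for s in stats.values():
        s["matches_config"] = (configured_memcap is None
                               or s["effective_memcap"] == configured_memcap)
    return stats

# Constructed sample: the first line carries the message quoted in the thread,
# the rest are made up to show a restart with the larger memcap in effect.
SAMPLE = """\
May 13 00:41:02 sensor snort[2546]: S5: Pruned 10 sessions from cache for memcap. 1689 ssns remain.  memcap: 8376897/8388608
May 13 00:41:03 sensor snort[2546]: S5: Pruned 10 sessions from cache for memcap. 1684 ssns remain.  memcap: 8380112/8388608
May 13 00:41:03 sensor kernel: device eth1 entered promiscuous mode
May 18 10:02:17 sensor snort[3101]: S5: Pruned 5 sessions from cache for memcap. 90211 ssns remain.  memcap: 1073700000/1073741824
""".splitlines()

if __name__ == "__main__":
    for pid, s in summarize_prunes(SAMPLE, configured_memcap=1073741824).items():
        flag = "ok" if s["matches_config"] else "cap differs from snort.conf"
        print(f"pid {pid}: {s['messages']} msgs, {s['sessions_pruned']} pruned, "
              f"cap {s['effective_memcap']}, peak {s['peak_fill']:.1%} ({flag})")
```

A process that still reports the old cap after a configuration change has not loaded the new value.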
