Snort mailing list archives
Re: /var/log/messages filling up
From: "Cynthia Leonard (cyleonar)" <cyleonar () cisco com>
Date: Tue, 19 May 2015 09:27:34 +0000
The fix is not available in 2.9.7.2; it may not be worth the build.

-Cynthia

From: test engineer [mailto:test12524 () gmail com]
Sent: Monday, May 18, 2015 8:39 PM
To: Cynthia Leonard (cyleonar)
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] /var/log/messages filling up

Cynthia,

Thank you for your response. I'm currently configured as such:

OS: CentOS 6.5 minimal install
Snort: 2.9.6.2

snort.conf:
stream5-global:
    memcap 1073741824 (maximum 1GB)
    prune_log_max 0 (thought this would disable these messages but it didn't)
stream5-tcp:
    max_queued_bytes 0 (unlimited)
    max_queued_segs 0 (unlimited)

This seems to have helped slightly but still pruning sessions due to memcap.

I see SNORT 2.9.7.2 is now available. Is it worth the time to rebuild?

Thanks again!

On Mon, May 18, 2015 at 6:22 AM, Cynthia Leonard (cyleonar) <cyleonar () cisco com> wrote:

Usually once the memcap reaches a certain limit, the sessions get pruned to free some memory. This message gets printed when x number of sessions are pruned, and sometimes it can quickly fill /var/log/messages. This issue has been addressed in the upcoming version of snort 2.9.x.

Regards
Cynthia

From: test engineer [mailto:test12524 () gmail com]
Sent: Wednesday, May 13, 2015 12:45 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] /var/log/messages filling up

Constant streaming of:

snort[2546]: S5: Pruned 10 sessions from cache for memcap. 1689 ssns remain. memcap: 8376897/8388608

in the messages file. Not sure what is causing it. Suggestions?

Thank you!
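An added example, not part of the original thread and not Snort's own code: a small Python parser for the prune message quoted above that totals the pruned sessions and reports the memcap value Snort is actually logging, so it can be compared with the value set in snort.conf. The timestamps, the hostname and the second and third log lines are constructed sample data.

```python
import re

# Matches the Stream5 prune message quoted in the thread; any syslog prefix is ignored.
PRUNE_RE = re.compile(
    r"snort\[(?P<pid>\d+)\]: S5: Pruned (?P<pruned>\d+) sessions? from cache "
    r"for memcap\. (?P<remain>\d+) ssns remain\.\s+memcap: (?P<used>\d+)/(?P<cap>\d+)"
)

# Constructed sample: the first message body is the one from the thread,
# the syslog prefix and the other two lines are made up for illustration.
SAMPLE = [
    "May 12 23:40:01 sensor1 snort[2546]: S5: Pruned 10 sessions from cache "
    "for memcap. 1689 ssns remain.  memcap: 8376897/8388608",
    "May 12 23:40:01 sensor1 snort[2546]: S5: Pruned 10 sessions from cache "
    "for memcap. 1679 ssns remain.  memcap: 8300000/8388608",
    "May 12 23:40:02 sensor1 sshd[901]: Accepted publickey for admin",
    "May 12 23:40:02 sensor1 snort[2546]: S5: Pruned 5 sessions from cache "
    "for memcap. 1674 ssns remain.  memcap: 8250000/8388608",
]

def summarize(lines):
    """Aggregate prune messages: count, sessions pruned, logged memcaps, peak use."""
    messages, pruned, caps, peak = 0, 0, set(), 0.0
    for line in lines:
        m = PRUNE_RE.search(line)
        if not m:
            continue  # unrelated syslog line
        messages += 1
        pruned += int(m["pruned"])
        cap = int(m["cap"])
        caps.add(cap)
        if cap:
            peak = max(peak, int(m["used"]) / cap)
    return {
        "messages": messages,
        "sessions_pruned": pruned,
        "memcaps": sorted(caps),            # memcap values Snort reports, in bytes
        "peak_utilization": round(peak, 4), # used / cap at the worst prune event
    }

def memcap_matches(summary, configured_bytes):
    """True only if every logged prune line reports the configured memcap."""
    return summary["memcaps"] == [configured_bytes]

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(s, "matches 1 GB setting:", memcap_matches(s, 1073741824))
```

Feeding it /var/log/messages after a configuration change and a Snort restart shows whether new prune lines report the new memcap or still the old one.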
Current thread:
- /var/log/messages filling up test engineer (May 12)
- Re: /var/log/messages filling up Cynthia Leonard (cyleonar) (May 18)
- Re: /var/log/messages filling up test engineer (May 18)
- Re: /var/log/messages filling up Cynthia Leonard (cyleonar) (May 19)