Lowmem issue

[James Lay <jlay () slave-tothe-box net>]

Been seeing these as of late:

Feb  6 15:05:46 snort[21636]: FATAL ERROR: Can't start DAQ (-1) - eth0: 
Couldn't allocate enough memory for the kernel packet ring!!

free -lm:

              total       used       free     shared    buffers     
cached
Mem:         12012      11281        730       1207         38       
5599
Low:         12012      11281        730
High:            0          0          0
-/+ buffers/cache:       5642       6369
Swap:         5235       1192       4043


Not sure where to check...memorywise I'm running with:

config disable_decode_alerts
config disable_tcpopt_experimental_alerts
config disable_tcpopt_obsolete_alerts
config disable_tcpopt_ttcp_alerts
config disable_tcpopt_alerts
config disable_ipopt_alerts
config checksum_mode: all
config pcre_match_limit: 3500
config pcre_match_limit_recursion: 1500
config detection: search-method ac-split search-optimize max-pattern-len 
20
config event_queue: max_queue 8 log 3 order_events content_length
config paf_max: 16000

Any thoughts would be awesome...thank you.

James

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!