Snort mailing list archives
Re: Memory "Leakage" Snort 2.2.0 - Windows?
From: Jeremy Hewlett <jh () sourcefire com>
Date: Fri, 10 Dec 2004 12:29:22 -0500
On Mon, Dec 06, John Steele wrote:
Has anyone experienced significant memory "leakage" with snort 2.2.0 under Windows 2000 Server?
I don't think this has much to do with Windows (more below).
We installed 2.2 on a 2000 machine last week and have been having a number of shutdowns where the system reports that there is no memory available for processes, including user logons. (We have been running Snort 1.8 under Windows NT 4.0 for some time now without a problem)
Snort 1.8 was still considered a lightweight IDS. With the 2.0 revamp, Snort is now considered commercial-grade. These sorts of changes will inevitably require more memory. A couple of big items that would suck up large amounts of memory are stream4 and the detection engine. If memory is an issue, which it appears so, you should try setting a memcap on stream4, and using the 'lowmem' detection engine. These are documented in the default snort.conf. You may also want to tune other preprocessors with memcaps, prune unneeded rules, etc. ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Memory "Leakage" Snort 2.2.0 - Windows? John Steele (Dec 08)
- Re: Memory "Leakage" Snort 2.2.0 - Windows? Jeremy Hewlett (Dec 10)