Snort mailing list archives
Re: Snort High Memory Usage
From: waldo kitty <wkitty42 () windstream net>
Date: Sat, 01 Jun 2013 03:45:41 -0400
On 5/31/2013 20:00, Joel Esler wrote:
2.9.x takes more memory than 2.8.x. It does much more. Kinda of a bad comparison.
true but i was only posting those to show the difference... not really as a comparison of the two versions...
-- *Mobile* On May 31, 2013, at 7:54 PM, waldo kitty <wkitty42 () windstream net <mailto:wkitty42 () windstream net>> wrote:On 5/31/2013 19:27, Josh Bitto wrote:I'm just doing a top on command line and looking at mem% for each snort pid that comes up for the sensors.i thought that was likely the case ;) what are the numbers under the VIRT and RES columns? can i assume that you are doing SHIFT-M in top to sort by most memory used?We had Emerging threats and the original snort rules enabled. Took ET off and that took the memory down some, but I don't want to sacrifice that if I can help it.one box i'm looking at with 2.9.4.1 and only the default VRT rules set with no rules commented out or added shows VIRT = 371m RES = 119m another box with 2.8.6.1 and only the ET set plus some (~15) local.rules with some of the ET rules disabled from default shows VIRT = 199m RES = 175m-----Original Message----- From: waldo kitty [mailto:wkitty42 () windstream net] Sent: Friday, May 31, 2013 4:20 PM To: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net> Subject: Re: [Snort-users] Snort High Memory Usage On 5/31/2013 17:46, Josh Bitto wrote:Currently I’m running 7 snort sensors on my pfsense firewall and each of them is at 672 mb’s for using memory. Which seems really high. I believe I read somewhere in documentation that the memory is usually around 200 mb’s. Can anyone shed some light on this for me?how many rules do you have enabled? what tool are you using to view that memory consumption? what column are those figures listed under in that tool?
-- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort High Memory Usage Josh Bitto (May 31)
- Re: Snort High Memory Usage waldo kitty (May 31)
- Re: Snort High Memory Usage Josh Bitto (May 31)
- Re: Snort High Memory Usage waldo kitty (May 31)
- Re: Snort High Memory Usage Joel Esler (May 31)
- Re: Snort High Memory Usage waldo kitty (Jun 01)
- Re: Snort High Memory Usage Josh Bitto (May 31)
- Re: Snort High Memory Usage waldo kitty (May 31)