Snort mailing list archives
Re: Fwd: Snort 2.9.6.0 memory leak?
From: "Hui Cao (huica)" <huica () cisco com>
Date: Fri, 28 Feb 2014 12:08:43 +0000
This depends on your snort configuration. You can get the upper bound by adding up all memcap values for (frag3, stream5, all preprocessors etc). In addition, Max_tcp and Max_udp will also add up the memory on top of that. Normally, snort might use up to 1 G memory to stabilize. However, I have seen it reaches 1.5 G when max_tcp or max_udp is large. You can change those two values to get a smaller upper bound. Best, Hui. From: Mirek Suliba <msuliba () gmail com<mailto:msuliba () gmail com>> Date: Thursday, February 27, 2014 at 8:37 PM To: waldo kitty <wkitty42 () windstream net<mailto:wkitty42 () windstream net>> Cc: "snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>" <snort-users () lists sourceforge net<mailto:snort-users () lists sourceforge net>> Subject: Re: [Snort-users] Fwd: Snort 2.9.6.0 memory leak? I'm not concern about free memory but about rate how fast and constant amount of memory used by Snort were growing. It was about 70MB per hour. I didn't want to get to situation when system started to be our of memory. Any suggestion at what level I should expect Snort memory usage to stabilize? Is that any "hard" limit for this? Thank you, - Mirek On Thu, Feb 27, 2014 at 6:32 PM, waldo kitty <wkitty42 () windstream net<mailto:wkitty42 () windstream net>> wrote: On 2/27/2014 5:32 PM, Mirek Suliba wrote:
Constant growth of memory usage looks a little bit scary but I hope that you are right that it will stop at some point. I will run it for a longer period of time to check.
is this a *nix box? if yes, *nix will properly use memory to the fullest... it is quite normal to see a *nix box using 98% RAM... winwhatever boxen, on the other hand, have been much different over the years... using all available memory is not a bad thing... it is, in fact, a very good thing... as long as it doesn't keep growing beyond what is truly needed ;) -- NOTE: No off-list assistance is given without prior approval. Please keep mailing list traffic on the list unless private contact is specifically requested and granted. ------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net<mailto:Snort-users () lists sourceforge net> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Flow-based real-time traffic analytics software. Cisco certified tool. Monitor traffic, SLAs, QoS, Medianet, WAAS etc. with NetFlow Analyzer Customize your own dashboards, set traffic alerts and generate reports. Network behavioral analysis & security monitoring. All-in-one tool. http://pubads.g.doubleclick.net/gampad/clk?id=126839071&iu=/4140/ostg.clktrk
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Fwd: Snort 2.9.6.0 memory leak? Mirek Suliba (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? Hui Cao (huica) (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? Mirek Suliba (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? Hui Cao (huica) (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? Mirek Suliba (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? waldo kitty (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? Mirek Suliba (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? Hui Cao (huica) (Feb 28)
- Re: Fwd: Snort 2.9.6.0 memory leak? Mirek Suliba (Feb 28)
- Re: Fwd: Snort 2.9.6.0 memory leak? Hui cao (Feb 28)
- Re: Fwd: Snort 2.9.6.0 memory leak? Mirek Suliba (Feb 28)
- Re: Fwd: Snort 2.9.6.0 memory leak? Mirek Suliba (Feb 27)
- Re: Fwd: Snort 2.9.6.0 memory leak? Hui Cao (huica) (Feb 27)