[Snort-devel] Memory-leak in snort-1.8.2 with logging to PostgreSQL database?

Jacobsson James james.jacobsson at ...959...
Mon Nov 19 06:14:03 EST 2001


The following is my setup:
A dual PIII-933 w/ 1Gb RAM running Slackware 8.0, and snort-1.8.2.
I am logging activity on 'eth1', an unnumbered interface. 

Snort is started with 'snort -i eth1 -D'

I'm using whitehats.com vision.conf ruleset, with logging to a PostgreSQL
database.
The following line is used to log to the database:
output database: log, postgresql, user=snort dbname=snort

After logging for about 18 hours, capturing some 7000 events, the 'snort'
process had consumed over 900Mb of RAM, and kept allocating. 

..
Has anyone else used 1.8.2 in combination with PostgreSQL logging?  Has
anyone else noticed these problems? 

Regards,
James Jacobsson

---
"The statements and opinions expressed here are my own and
do not necessarily represent those of Siemens Business Services A/S"




More information about the Snort-devel mailing list