[Snort-devel] Memory-leak in snort-1.8.2 with logging to PostgreSQL database?

Peter Moore peter at ...799...
Mon Nov 19 06:35:04 EST 2001

    i am logging Snort to a PostgreSQL database using Snort 1.8.2 and 
PostgreSQL 7.1.3 on BeOS 5 (BONE).
I not experiencing any increase in RAM from the Snort process. I am also 
logging alerts to the standard /var/log/snort/alert file as well.

my Snort is started: snort -c myconfigfile.conf
using the standard rules files plus a couple of my own.

Please note that i compiled mine with PostgreSQL support and OpenSSL support 
as the only "optional extras". Did you compile in anything else which might 
cause a problem?

Peter Moore

peter at ...799...
ICQ 926967 (old) 95022055 (new - Oct 18, 2000)
>The following is my setup:
>A dual PIII-933 w/ 1Gb RAM running Slackware 8.0, and snort-1.8.2.
>I am logging activity on 'eth1', an unnumbered interface. 
>Snort is started with 'snort -i eth1 -D'
>I'm using whitehats.com vision.conf ruleset, with logging to a PostgreSQL
>The following line is used to log to the database:
>output database: log, postgresql, user=snort dbname=snort
>After logging for about 18 hours, capturing some 7000 events, the 'snort'
>process had consumed over 900Mb of RAM, and kept allocating. 
>Has anyone else used 1.8.2 in combination with PostgreSQL logging?  Has
>anyone else noticed these problems? 
>James Jacobsson
>"The statements and opinions expressed here are my own and
>do not necessarily represent those of Siemens Business Services A/S"
>Snort-devel mailing list
>Snort-devel at lists.sourceforge.net

More information about the Snort-devel mailing list