[Snort-devel] (no subject)

Scott R. Myers smyers at ...819...
Fri Sep 14 06:28:03 EDT 2001


Hello all,

I'm new to this list but I'm sure to be a regular at this point.  I have a
question regarding snort and a memory utilization problem I'm seeing.  I
brought snort up with postgresql support and after returning the next day,
giving it around 10 hours to run, I found that the process had shut down and
my /var/log/messages file showed the following:

Sep 14 06:49:51 watchdog01 kernel: Out of Memory: Killed process 1051
(snort).
Sep 14 06:50:04 watchdog01 kernel: Out of Memory: Killed process 1051
(snort).
Sep 14 06:50:04 watchdog01 kernel: device eth1 left promiscuous mode

Specifics are:
RedHat 7.1
Linux watchdog01.(removed) 2.4.2-2 #1 Sun Apr 8 20:41:30 EDT 2001 i686
unknown
2 NICS (1 3com 1 Intel) one configured with and IP address the other without
*not sure off hand which is which
Celeron 566 platform with 256mb ram and an ide disk subsystem.

This is all connecting to a postgresql server on a separate machine.
details on this can be made available if required.

So what I'm doing now is running  snort with the snort.conf file modified to
log locally instead of to postgresql to eliminate that as a problem area.
The result so far are that the system is running but top shows a steady
increase in memory utilization.  I suspect that if it doesn't taper off at
some point I will see the same message within the next few hours as shown
above.

I would appreciate any insight you can offer me on this.  Thank you!

Scott R. Myers
smyers at ...819...





More information about the Snort-devel mailing list