[Snort-users] Question About the Current CVS version of snort

Len Burns lenb at ...750...
Mon Nov 6 02:46:11 EST 2000

On Sun, 5 Nov 2000, Christopher Cramer wrote:

> In theory, it should use ~128 kB per monitored connection.  What
> connections are currently being monitored is a function of the timeout
> (specified in the preprocessor statement in the config file), what ports
> are being monitored, how many hosts the monitor can see and how many new
> connections are created/destroyed within the timeout.
> Around here, it usually levels off around 30 MB or so, but I should
> probably run this on our production snort box again to verify that (this
> has mainly been a time thing and not a lack of confidence thing :-)
> I did recently add some hashing to TCP reassembly code, I suppose that
> could have screwed up the correct releasing of memory.

I found the source, actually on this machine it is the defrag
preprocessor.  When I comment that out, memory use levels out at a
very modest level and is stable.  I now will look into why.  Thanks
for your help.


