[Snort-users] More on the Possible Mem leak

Steve Halligan agent33 at ...187...
Wed Apr 18 17:07:21 EDT 2001


This is from top:
  PID USERNAME PRI NICE  SIZE   RES STATE WAIT     TIME    CPU COMMAND
14517 root     -16    0   34M   34M sleep bpf     60:37  6.93% snort

This is a kill -USR1 ####
Apr 18 15:56:22 homefries snort:
============================================================================
=== 
Apr 18 15:56:22 homefries snort: Snort received 1802179 packets
Apr 18 15:56:22 homefries snort:  and dropped 8600(0.475%) packets  
Apr 18 15:56:22 homefries snort: Breakdown by protocol:
Action Stats: 
Apr 18 15:56:22 homefries snort:     TCP: 1828907    (101.001%)
ALERTS: 27         
Apr 18 15:56:22 homefries snort:     UDP: 74507      (4.115%)
LOGGED: 14         
Apr 18 15:56:22 homefries snort:    ICMP: 363        (0.020%)
PASSED: 0          
Apr 18 15:56:22 homefries snort:     ARP: 1305       (0.072%) 
Apr 18 15:56:22 homefries snort:    IPv6: 0          (0.000%) 
Apr 18 15:56:22 homefries snort:     IPX: 0          (0.000%) 
Apr 18 15:56:22 homefries snort:   OTHER: 9277       (0.512%) 
Apr 18 15:56:22 homefries snort: DISCARD: 0          (0.000%) 
Apr 18 15:56:22 homefries snort:
============================================================================
=== 
Apr 18 15:56:22 homefries snort: Fragmentation Stats: 
Apr 18 15:56:22 homefries snort: Fragmented IP Packets: 0          (0.000%) 
Apr 18 15:56:22 homefries snort:    Rebuilt IP Packets: 0          
Apr 18 15:56:22 homefries snort:    Frag elements used: 0          
Apr 18 15:56:22 homefries snort: Discarded(incomplete): 0          
Apr 18 15:56:22 homefries snort:    Discarded(timeout): 0          
Apr 18 15:56:22 homefries snort:
============================================================================
=== 
Apr 18 15:56:22 homefries snort: TCP Stream Reassembly Stats: 

So basically, snort hasn't been running long and hasn't gotten a whole lot
of traffic and is using 34M.  and yes it did cut off and not show any stream
stats.  This is OBSD 2.8 btw, snort from CVS as of last week.  

PS.  101.001% TCP?  What up with that?




More information about the Snort-users mailing list