[Snort-users] More on the Possible Mem leak

Martin Roesch roesch at ...421...
Wed Apr 18 22:28:14 EDT 2001


What build number are you using?

    -Marty

Steve Halligan wrote:
> 
> This is from top:
>   PID USERNAME PRI NICE  SIZE   RES STATE WAIT     TIME    CPU COMMAND
> 14517 root     -16    0   34M   34M sleep bpf     60:37  6.93% snort
> 
> This is a kill -USR1 ####
> Apr 18 15:56:22 homefries snort:
> ============================================================================
> ===
> Apr 18 15:56:22 homefries snort: Snort received 1802179 packets
> Apr 18 15:56:22 homefries snort:  and dropped 8600(0.475%) packets
> Apr 18 15:56:22 homefries snort: Breakdown by protocol:
> Action Stats:
> Apr 18 15:56:22 homefries snort:     TCP: 1828907    (101.001%)
> ALERTS: 27
> Apr 18 15:56:22 homefries snort:     UDP: 74507      (4.115%)
> LOGGED: 14
> Apr 18 15:56:22 homefries snort:    ICMP: 363        (0.020%)
> PASSED: 0
> Apr 18 15:56:22 homefries snort:     ARP: 1305       (0.072%)
> Apr 18 15:56:22 homefries snort:    IPv6: 0          (0.000%)
> Apr 18 15:56:22 homefries snort:     IPX: 0          (0.000%)
> Apr 18 15:56:22 homefries snort:   OTHER: 9277       (0.512%)
> Apr 18 15:56:22 homefries snort: DISCARD: 0          (0.000%)
> Apr 18 15:56:22 homefries snort:
> ============================================================================
> ===
> Apr 18 15:56:22 homefries snort: Fragmentation Stats:
> Apr 18 15:56:22 homefries snort: Fragmented IP Packets: 0          (0.000%)
> Apr 18 15:56:22 homefries snort:    Rebuilt IP Packets: 0
> Apr 18 15:56:22 homefries snort:    Frag elements used: 0
> Apr 18 15:56:22 homefries snort: Discarded(incomplete): 0
> Apr 18 15:56:22 homefries snort:    Discarded(timeout): 0
> Apr 18 15:56:22 homefries snort:
> ============================================================================
> ===
> Apr 18 15:56:22 homefries snort: TCP Stream Reassembly Stats:
> 
> So basically, snort hasn't been running long and hasn't gotten a whole lot
> of traffic and is using 34M.  and yes it did cut off and not show any stream
> stats.  This is OBSD 2.8 btw, snort from CVS as of last week.
> 
> PS.  101.001% TCP?  What up with that?
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list