[Snort-users] mem leak in snort-1.8-beta5 from 31-May CVS

Jason Haar Jason.Haar at ...294...
Thu May 31 23:49:05 EDT 2001


I'm running snort under Redhat 6.2 on two different boxes. One with config
based on that from www.snort.org, and another from Max's vision18.conf.

Basically I run out of memory on them...

I'm just about to kill snort for the second time in two days as it hits 70Mb
of RAM.

USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
snort     2435  1.2  3.2 71924 12360 ?       S    08:59   5:07
 /usr/bin/snort.cvs  -u snort -g snort -e -d -a -o -I -i eth1 -c
 /etc/snort/site.conf -D

I have the following config options set:

output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, 
preprocessor defrag
preprocessor stream: timeout 23, ports 21 23 25 80 110 143, maxbytes 16384
preprocessor http_decode: 80 2301
preprocessor portscan: $INTERNAL 5 5 portscan


My guess is there's a leak in stream still?

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417



