Snort - out of swap space

  • Just upgraded to pfSense 1.2.2 and added the snort package.
    Downloaded rules and emergingthreat rules and started.

    Get this in the pfsense system log:

    kernel:swap_pager: out of swap space
    kernel: swap_pager_getswapspace(16): failed
    kernel: pid 5669 (snort), uid 0, was killed: out of swap space

    I have 256 MB ram, running sparseband setting. Swap usage is at 13% (not snort running).
    Do I need to add more RAM or is my swap to small? How could I check my swap size?

  • Nevermind, I succeded in adding a new disk and making it a swap partition.

  • You need more Ram plain and simple. A Gig is recommended.

  • Snort is a memory hog, the more rules you add (and the more complex they are) the more it becomes so.  Add as much memory as you can, at least 1 GB as CF says, but I'd recommend 2 GB+.

  • Yeah I noticed. Now have 512 MB RAM, and 3 GB swap partition. snort uses 1.3 GB.

    Will increase if I see a need. Will try running in this conf for a while.

    Shouldn't be much of an impact for surfing :P

Log in to reply