Snort - out of swap space
-
Just upgraded to pfSense 1.2.2 and added the snort package.
Downloaded rules and emergingthreat rules and started.Get this in the pfsense system log:
kernel:swap_pager: out of swap space
kernel: swap_pager_getswapspace(16): failed
kernel: pid 5669 (snort), uid 0, was killed: out of swap spaceI have 256 MB ram, running sparseband setting. Swap usage is at 13% (not snort running).
Do I need to add more RAM or is my swap to small? How could I check my swap size? -
Nevermind, I succeded in adding a new disk and making it a swap partition.
-
You need more Ram plain and simple. A Gig is recommended.
-
Snort is a memory hog, the more rules you add (and the more complex they are) the more it becomes so. Add as much memory as you can, at least 1 GB as CF says, but I'd recommend 2 GB+.
-
Yeah I noticed. Now have 512 MB RAM, and 3 GB swap partition. snort uses 1.3 GB.
Will increase if I see a need. Will try running in this conf for a while.
Shouldn't be much of an impact for surfing :P
