    During installation: how is size of swap partition determined?

    2.1 Snapshot Feedback and Problems - RETIRED
      rcfa last edited by

      I sort-of have snort working, which means it's simply running and spewing out messages, but it's not blocking, etc.
      So running on three out of four interfaces, it uses up most of the system's resources: swap is at 89% and memory at 87%.

      Is Snort such a hog, or am I doing something stupid?

      Also, seeing that a 60GB drive is nothing big these days (and even as SSD it only cost me $50), wouldn't it be meaningful to make a somewhat bigger swap partition or size it as a percentage of available disk space?

      Also, is there a way to increase the swap space without reinstalling the whole thing?

        cmb last edited by

        Swap uses FreeBSD's default, 2xRAM. If you're touching swap at all, you have issues. When your system memory goes from RAM speed to disk speed, you're going to have performance problems. With certain config options, Snort will use a ton of RAM. You don't need more swap, you need to fix whatever is chewing up all your RAM. You have to reinstall if you want more swap, but don't bother.

          rcfa last edited by

          @cmb:

          Swap uses FreeBSD's default, 2xRAM. If you're touching swap at all, you have issues. When your system memory goes from RAM speed to disk speed, you're going to have performance problems.

          At least I have a reasonably fast SSD, but yes, I'd rather not hit swap, particularly since I have 4GB RAM, which one might think ought to be sufficient…

          @cmb:

          With certain config options, Snort will use a ton of RAM. You don't need more swap, you need to fix whatever is chewing up all your RAM. You have to reinstall if you want more swap, but don't bother.

          Any specific options to look out for? I don't think I enabled anything in particular, but the rule sets it downloads seem to be rather large…

            jimp Rebel Alliance Developer Netgate last edited by

            You can try setting the snort instance to 'lowmem' instead of the default. Otherwise it doesn't matter how big the ruleset you downloaded is, it's about how many of those categories you have enabled. The more categories you have enabled, the more memory (and CPU) it will use.

              toomeek last edited by

              @jimp:

              You can try setting the snort instance to 'lowmem' instead of the default. Otherwise it doesn't matter how big the ruleset you downloaded is, it's about how many of those categories you have enabled. The more categories you have enabled, the more memory (and CPU) it will use.

              Well, good to know. I almost killed my box and I had to disable SNORT.

                novacoresystems last edited by

                Yeah, snort has a bunch of different optimization settings for memory/CPU usage. I've run into this problem as well and had to change my settings. I have a business I deployed it in with 100+ users and snort on the WAN interface. After a day or two it's up to 90% usage with a good amount of swap being used. Snort does seem to be a bit of a memory hog, but I found that optimizing the firewall algorithm to aggressive and playing with how many states pfSense can have, etc., in the advanced settings can help as well. I guess it depends on your environment/traffic load.
