Snort memory usage. how much is needed?
-
512mb ram
PIII 733MHZsnort only runs a couple of hours at most, hovewer i rarerly got anything less then ~120mb of free ram
eather snort2c or snort dies
11080 ?? Ss 0:02.68 snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -i fxp1 -A full -D
11083 ?? Is 0:00.01 snort2c -w /var/db/whitelist -a /var/log/snort/alerti have now with both processes running about ~180mb mb free (freshly restarted)
Mem: 163M Active, 87M Inact, 59M Wired, 60M Buf, 184M Free
Swap: 1024M Total, 1024M FreeAt the most i see "promiscuess mode disabled" or some like it
Only have 2 mem slots in the box and i dont have any 512 to insert.
Is this related to lack of memory?
/Fredde
-
How much snort needs depends on how you configure it. I've certainly seen it, under certain configurations, consume well over 1 GB of RAM.
-
Sounds like i need to get more memory then, and hope the snort crasing ends
/F
-
I shoudl say that I've never (yet) seen snort crash due to a lack of RAM. However, I've never run it for any length of time without at least 2 GB of RAM installed.
-
I'm running ac-sparsebands with about half of the rules enabled. I'm using approx. 240 MB per interface. This is on top of whatever else you're running.
-GTM
