Snort memory usage. how much is needed?

Guest

512mb ram
PIII 733MHZ

snort only runs a couple of hours at most, hovewer i rarerly got anything less then ~120mb of free ram

eather snort2c or snort dies
11080  ??  Ss    0:02.68 snort -c /usr/local/etc/snort/snort.conf -l /var/log/snort -i fxp1 -A full -D
11083  ??  Is    0:00.01 snort2c -w /var/db/whitelist -a /var/log/snort/alert

i have now with both processes running about ~180mb mb free (freshly restarted)

Mem: 163M Active, 87M Inact, 59M Wired, 60M Buf, 184M Free
Swap: 1024M Total, 1024M Free

At the most i see "promiscuess mode disabled" or some like it

Only have 2 mem slots in the box and i dont have any 512 to insert.

Is this related to lack of memory?

/Fredde

Cry Havok

How much snort needs depends on how you configure it.  I've certainly seen it, under certain configurations, consume well over 1 GB of RAM.

Guest

Sounds like i need to get more memory then, and hope the snort crasing ends

/F

Cry Havok

I shoudl say that I've never (yet) seen snort crash due to a lack of RAM.  However, I've never run it for any length of time without at least 2 GB of RAM installed.

gtm

I'm running ac-sparsebands with about half of the rules enabled.  I'm using approx. 240 MB per interface.  This is on top of whatever else you're running.

-GTM