Hi Rob,

I set up another HW with roo 1.2, which is a Pentium 4 3.2 GHz with 2 gigs of RAM, and I think the problem really is with a memory leak. So after deploying this honeywall I was looking at top and watching the memory usage climb up within 15 mins. So within 15 mins all of my 2 gig memory was used up and the system started writing to swap. At this point walleye wasn't reporting anything and moreover, I couldn't even run tcpdump. Tcpdump would run and miss packets like anything. Hope this helps in troubleshooting this. Right now I haven't spent any time troubleshooting what program is causing the memory leak but my hunch is snort.

Hope this info helps.

-Parvinder Bhasin

Rob McMillen wrote:
List,
    Sorry it has taken me so long to find the reason for the lack of
data in the user interface after 24 hours, but I feel pretty good that
I finally did.
    It is actually due to the mysql 5.x wait_timeout setting.  It is set
to 28800 which is 8 hours.  This means that if a client connects (via
tcp or unix socket) and has no activity in that time, the connection
will be closed.
   In previous versions of mysql, we could open a connection and it
would stay open till we closed it.  That is no longer valid.
   Could someone out there that is having this issue with the 1.2
version of the honeywall please try this quick fix and tell me if it
works for them?

Add the following to the [mysqld] portion of the /etc/hflow/my.cnf file:

#setting to a year
set-variable=wait_timeout=31536000

The file should look something like this:

[mysqld]
#bin-log
skip-networking
skip-name-resolve
datadir=/var/lib/mysql
#tmpdir=/var/tmp
socket=/var/lib/mysql/mysql.sock
set-variable=key_buffer_size=256M
set-variable=table_cache=256
set-variable=sort_buffer=128M
#setting to a year
set-variable=wait_timeout=31536000


[mysql.server]
user=mysql
basedir=/var/lib

[safe_mysqld]
err-log=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

After you make this modification to the my.cnf file, you will need to
restart mysql and hflow and sebek, but it might just be easier to
restart the honeywall to make sure everything is started properly.

Hope this helps while we fix the code.

Rob
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
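
To confirm the change described above is placed where the server reads it, here is an added example (not part of the original thread or of the honeywall code) that parses a my.cnf and reports the wait_timeout found in the [mysqld] section. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not honeywall code): report the wait_timeout mysqld will
# read from a my.cnf. Only lines inside [mysqld] count.

DEFAULT_WAIT_TIMEOUT=28800   # default quoted in the message above (8 hours)

# Print the last wait_timeout set in [mysqld]; print nothing if it is unset.
mycnf_wait_timeout() {
    awk '
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/   { sec = $0                  # section header
                        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
                        next }
        sec == "mysqld" {
            line = $0
            gsub(/[ \t\r]/, "", line)
            sub(/^set-variable=/, "", line)       # old-style prefix
            if (line ~ /^wait[-_]timeout=[0-9]+$/) {
                sub(/^wait[-_]timeout=/, "", line)
                val = line                        # last occurrence wins
            }
        }
        END { if (val != "") print val }
    ' "$1"
}

# Succeed if the effective idle timeout is at least $2 seconds.
check_wait_timeout() {
    effective=$(mycnf_wait_timeout "$1")
    [ -n "$effective" ] || effective=$DEFAULT_WAIT_TIMEOUT
    echo "$1: effective wait_timeout=${effective}s (wanted >= $2)"
    [ "$effective" -ge "$2" ]
}

# Constructed sample: the setting was pasted under the wrong section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[mysqld]
skip-networking
#set-variable=wait_timeout=31536000
[safe_mysqld]
set-variable=wait_timeout=31536000
EOF
if check_wait_timeout "$sample" 31536000; then
    echo "OK"
else
    echo "wait_timeout is not in effect; idle connections close early"
fi
rm -f "$sample"
```

On a honeywall the file to check would be /etc/hflow/my.cnf, as named in the message.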

