Parvinder,
    For kicks, can you go into the snort configuration file
(/etc/snort/snort.conf) and comment out the line for the stream4
preprocessor?

change:
preprocessor stream4: disable_evasion_alerts
to:
#preprocessor stream4: disable_evasion_alerts

Just to see if your memory usage changes.  It would really be a big help.

Same for the snort_inline configuration
(/etc/snort_inline/snort_inline.conf).  On my honeywall, these are the
two processes that hog the memory.

And of course, restart them after changing the configuration file :)

/etc/init.d/hflow-snort restart
/etc/init.d/hflow-snort_inline restart

Rob

> On 10/20/07, Parvinder Bhasin <[EMAIL PROTECTED]> wrote:
> > Hi Rob,
> >
> > I set up another HW with roo 1.2,  which is pentium 4 3.2gh with 2Gigs of
> > RAM and I think the problem really is with memory leak.  So after
> > deploying this honeywall I was looking at top and watching the memory
> > usage climb up within 15 mins.  So within 15 mins all of my 2gig memory
> > was used up and system started writing to swap.  At this point walleye
> > wasn't reporting anything and moreover, I couldn't even run tcpdump.
> > Tcpdump would run and miss packets like anything.  Hope this helps in
> > troubleshooting this.  Right now I haven't spent any time
> > troubleshooting what program is causing memory leak but my hunch is snort.
> >
> > Hope this info helps.
> >
> > -Parvinder Bhasin
_______________________________________________
Honeywall mailing list
[email protected]
https://public.honeynet.org/mailman/listinfo/honeywall
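
The test Rob describes above (comment out the stream4 preprocessor, restart, compare memory), as an added shell example that is not part of the original thread. The function names are hypothetical, and it assumes the processes show up in ps as "snort" and "snort_inline" and that ps accepts the procps-style -eo rss=,comm= options.

```shell
#!/bin/sh
# Added example, not code from the thread or from the Honeywall project.

# Comment out active "preprocessor stream4" lines in a Snort config file.
# A copy of the original is kept as <file>.bak. Lines that are already
# commented, and other preprocessors whose names merely start with
# "stream4", are left untouched because the thread only asks for stream4.
disable_stream4() {
    conf=$1
    [ -f "$conf" ] || { echo "missing config: $conf" >&2; return 1; }
    cp -p "$conf" "$conf.bak" || return 1
    sed -e 's/^\([[:space:]]*\)\(preprocessor[[:space:]]\{1,\}stream4[[:space:]:]\)/\1#\2/' \
        -e 's/^\([[:space:]]*\)\(preprocessor[[:space:]]\{1,\}stream4\)$/\1#\2/' \
        "$conf.bak" > "$conf"
}

# Read "RSS_KB COMMAND" lines on stdin and print the total resident memory
# (in KB) of processes whose command name is exactly $1.
sum_rss() {
    awk -v name="$1" '$2 == name { sum += $1 } END { print sum + 0 }'
}

# Print "epoch_seconds snort_kb snort_inline_kb" $1 times, $2 seconds apart,
# so a run with stream4 enabled can be compared to a run with it disabled.
sample_rss() {
    count=$1
    interval=$2
    i=0
    while [ "$i" -lt "$count" ]; do
        procs=$(ps -eo rss=,comm=)
        s=$(printf '%s\n' "$procs" | sum_rss snort)
        si=$(printf '%s\n' "$procs" | sum_rss snort_inline)
        echo "$(date +%s) $s $si"
        i=$((i + 1))
        [ "$i" -lt "$count" ] && sleep "$interval"
    done
    return 0
}

# Typical sequence, run as root on the honeywall:
#   sample_rss 15 60 > before.txt      # baseline, 15 minutes
#   disable_stream4 /etc/snort/snort.conf
#   disable_stream4 /etc/snort_inline/snort_inline.conf
#   /etc/init.d/hflow-snort restart
#   /etc/init.d/hflow-snort_inline restart
#   sample_rss 15 60 > after.txt       # same window with stream4 off
```

If memory still climbs at the same rate in after.txt, stream4 is not the cause; restore the .bak files and restart both services again.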
