On 5/31/2013 19:27, Josh Bitto wrote:
I'm just doing a top on command line and looking at mem% for each snort pid
that comes up for the sensors.
i thought that was likely the case ;)
what are the numbers under the VIRT and RES columns?
can i assume that you are doing SHIFT-M in top to sort by most memory used?
We had Emerging threats and the original snort rules enabled. Took ET off and
that took the memory down some, but I don't want to sacrifice that if I can
one box i'm looking at with 188.8.131.52 and only the default VRT rules set with no
rules commented out or added shows
VIRT = 371m RES = 119m
another box with 184.108.40.206 and only the ET set plus some (~15) local.rules with
some of the ET rules disabled from default shows
VIRT = 199m RES = 175m
-----Original Message----- From: waldo kitty
[mailto:wkitty42 () windstream net] Sent: Friday, May 31, 2013 4:20 PM To:
snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>
Subject: Re: [Snort-users] Snort High
On 5/31/2013 17:46, Josh Bitto wrote:
Currently I’m running 7 snort sensors on my pfsense firewall and each of
them is at 672 mb’s for using memory. Which seems really high. I believe I
read somewhere in documentation that the memory is usually around 200 mb’s.
Can anyone shed some light on this for me?
how many rules do you have enabled?
what tool are you using to view that memory consumption?
what column are those figures listed under in that tool?