[Oisf-users] Suricata runs out of memory on startup
Gene Albin
gene.albin at gmail.com
Mon Aug 22 20:46:46 UTC 2011
Victor,
I did a 'cat *.rules |grep flowbits' and got LOTS of results. Many of
which had "flowbits:isset"...3905, to be exact. Does that answer your
question below about flowbits? If not, how do I tell if my rules contain
flowbits?
Next, how do I get the git version. Since I installed my version from the
tarball I'm sure it's not the git version. Can you point me to some docs on
how to install via git?
Thanks,
Gene
On Mon, Aug 22, 2011 at 2:36 AM, Victor Julien <victor at inliniac.net> wrote:
> On 07/31/2011 05:36 PM, Dave Remien wrote:
> > Peter,
> >
> > Gene has a 1G/3G kernel and can indeed get 3G; I sent him a quickie prog
> > that shows that. After that, seems like valgrind is in order to try to
> > figure out where the extra memory is being allocated, if you can't see
> why
> > from the suri.yaml files.... possibly an area Victor could shed light on.
> > Or, as you say, move to a 64 bit kernel. At least there Gene can get 4G -
> > 8-).
>
> Do your ip rules (rbn.rules at least) contain flowbits? I think Matt
> updated them to set flowbits, but any code other than the git master
> will make memory usage explode. So you might want to try the git master
> to be sure.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
--
Gene Albin
gene.albin at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110822/0b4e949a/attachment-0002.html>
More information about the Oisf-users
mailing list