[Oisf-users] Suricata runs out of memory on startup

Gene Albin gene.albin at gmail.com
Mon Aug 22 20:46:46 UTC 2011

   I did a 'cat *.rules |grep flowbits' and got LOTS of results.  Many of
which had "flowbits:isset"...3905, to be exact.  Does that answer your
question below about flowbits?  If not, how do I tell if my rules contain

  Next, how do I get the git version.  Since I installed my version from the
tarball I'm sure it's not the git version.  Can you point me to some docs on
how to install via git?


On Mon, Aug 22, 2011 at 2:36 AM, Victor Julien <victor at inliniac.net> wrote:

> On 07/31/2011 05:36 PM, Dave Remien wrote:
> > Peter,
> >
> > Gene has a 1G/3G kernel and can indeed get 3G; I sent him a quickie prog
> > that shows that. After that, seems like valgrind is in order to try to
> > figure out where the extra memory is being allocated, if you can't see
> why
> > from the suri.yaml files.... possibly an area Victor could shed light on.
> > Or, as you say, move to a 64 bit kernel. At least there Gene can get 4G -
> > 8-).
> Do your ip rules (rbn.rules at least) contain flowbits? I think Matt
> updated them to set flowbits, but any code other than the git master
> will make memory usage explode. So you might want to try the git master
> to be sure.
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

Gene Albin
gene.albin at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20110822/0b4e949a/attachment-0002.html>

More information about the Oisf-users mailing list