[Oisf-users] Suricata runs out of memory on startup
Will Metcalf
william.metcalf at gmail.com
Mon Aug 22 21:53:04 UTC 2011
> Next, how do I get the git version. Since I installed my version from the
> tarball I'm sure it's not the git version. Can you point me to some docs on
> how to install via git?
http://www.openinfosecfoundation.org/index.php/download-suricata
"Latest Source from the Git Repository:
git clone git://phalanx.openinfosecfoundation.org/oisf.git
run autogen.sh, then the normal ./configure;make;make install."
On Mon, Aug 22, 2011 at 3:46 PM, Gene Albin <gene.albin at gmail.com> wrote:
> Victor,
> I did a 'cat *.rules |grep flowbits' and got LOTS of results. Many of
> which had "flowbits:isset"...3905, to be exact. Does that answer your
> question below about flowbits? If not, how do I tell if my rules contain
> flowbits?
>
> Next, how do I get the git version. Since I installed my version from the
> tarball I'm sure it's not the git version. Can you point me to some docs on
> how to install via git?
>
> Thanks,
> Gene
>
> On Mon, Aug 22, 2011 at 2:36 AM, Victor Julien <victor at inliniac.net> wrote:
>>
>> On 07/31/2011 05:36 PM, Dave Remien wrote:
>> > Peter,
>> >
>> > Gene has a 1G/3G kernel and can indeed get 3G; I sent him a quickie prog
>> > that shows that. After that, seems like valgrind is in order to try to
>> > figure out where the extra memory is being allocated, if you can't see
>> > why
>> > from the suri.yaml files.... possibly an area Victor could shed light
>> > on.
>> > Or, as you say, move to a 64 bit kernel. At least there Gene can get 4G
>> > -
>> > 8-).
>>
>> Do your ip rules (rbn.rules at least) contain flowbits? I think Matt
>> updated them to set flowbits, but any code other than the git master
>> will make memory usage explode. So you might want to try the git master
>> to be sure.
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
>
> --
> Gene Albin
> gene.albin at gmail.com
>
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
More information about the Oisf-users
mailing list