Bug #15048

open

Snort large memory consumption when updating

Added by Ricardo ot about 1 year ago. Updated 10 months ago.

Status: New
Priority: High
Assignee: -
Category: Snort
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Affected Version: 2.7.1
Affected Plus Version:
Affected Architecture: amd64

Description

Since the last updates, Snort uses a lot of memory when updating, and it has a big impact. Can this be improved?

Thanks,

I have these configurations active for 2 interfaces:
Resolve Flowbits: checked.
Use IPS Policy: checked.
IPS Policy Selection: Connectivity.
All the rulesets (Categories): all checked.

I already changed the pfBlockerNG configuration to use "Unbound python mode" and changed the time so that the update is not done at the same time. This has improved pfBlockerNG's memory usage.

System logs:

Nov 29 00:48:16 php 46952 [pfBlockerNG] No changes to Firewall rules, skipping Filter Reload
Nov 29 00:45:00 php 46952 [pfBlockerNG] Starting cron process.
Nov 29 00:25:57 php 85398 [Snort] The Rules update has finished.
Nov 29 00:25:57 php 85398 [Snort] Snort has restarted on WANONT with your new set of rules...
Nov 29 00:25:45 php 85398 [Snort] Snort START for WANONT...
Nov 29 00:25:44 kernel pid 31736 (snort), jid 0, uid 0: exited on signal 11 (core dumped)
Nov 29 00:25:44 snort 31736 * * * Caught Term-Signal
Nov 29 00:25:43 php 85398 [Snort] Snort STOP for WANONT...
Nov 29 00:25:42 php 85398 [Snort] Building new sid-msg.map file for WANONT...
Nov 29 00:25:42 php 85398 [Snort] Enabling any flowbit-required rules for: WANONT...
Nov 29 00:25:42 php 85398 [Snort] Enabling any flowbit-required rules for: WANONT...
Nov 29 00:25:41 php 85398 [Snort] Updating rules configuration for: WANONT ...
Nov 29 00:25:41 php 85398 [Snort] Snort has restarted on LAN with your new set of rules...
Nov 29 00:25:29 kernel pid 29090 (snort), jid 0, uid 0: exited on signal 11 (core dumped)
Nov 29 00:25:29 php 85398 [Snort] Snort START for LAN...
Nov 29 00:25:28 snort 29090 *** Caught Term-Signal
Nov 29 00:25:27 php 85398 [Snort] Snort STOP for LAN...
Nov 29 00:25:27 php 85398 [Snort] Building new sid-msg.map file for LAN...
Nov 29 00:25:27 php 85398 [Snort] Enabling any flowbit-required rules for: LAN...
Nov 29 00:25:26 php 85398 [Snort] Enabling any flowbit-required rules for: LAN...
Nov 29 00:25:26 php 85398 [Snort] Updating rules configuration for: LAN ...
Nov 29 00:25:25 php 85398 [Snort] Building new sid-msg.map file for WAN...
Nov 29 00:25:25 php 85398 [Snort] Enabling any flowbit-required rules for: WAN...
Nov 29 00:25:25 php 85398 [Snort] Enabling any flowbit-required rules for: WAN...
Nov 29 00:25:24 php 85398 [Snort] Updating rules configuration for: WAN ...
Nov 29 00:25:24 php 85398 [Snort] Removed 49 obsoleted rules category files.
Nov 29 00:25:24 php 85398 [Snort] Hide Deprecated Rules is enabled. Removing obsoleted rules categories.
Nov 29 00:25:17 php 85398 [Snort] Feodo Tracker Botnet C2 IP rules were updated...
Nov 29 00:25:17 php 85398 [Snort] Feodo Tracker Botnet C2 IP rules file update downloaded successfully.
Nov 29 00:25:17 php 85398 [Snort] Emerging Threats Open rules file update downloaded successfully
Nov 29 00:25:15 php 85398 [Snort] There is a new set of Emerging Threats Open rules posted. Downloading emerging.rules.tar.gz...
Nov 29 00:25:15 php 85398 [Snort] Snort GPLv2 Community Rules file update downloaded successfully
Nov 29 00:25:13 php 85398 [Snort] There is a new set of Snort GPLv2 Community Rules posted. Downloading community-rules.tar.gz...
Nov 29 00:25:13 php 85398 [Snort] Snort Subscriber rules file update downloaded successfully
Nov 29 00:25:04 php 85398 [Snort] There is a new set of Snort Subscriber rules posted. Downloading snortrules-snapshot-29200.tar.gz...

