From: Mark W. <ma...@wo...> - 2003-04-29 17:10:37
Hi,

John Edwards wrote:
> Is Snort (the Intrusion Detection System) turned on?
>
> The latest version of Snort (v2) uses a lot more memory (about 40MB)
> and I suspect that this is causing the DNS server and other programs
> to be moved into swap, hence the delay.
>
> I've got v1.3.0 on a P166 with 64MB of RAM running an ADSL line and
> that has no noticeable speed slow downs. Memory use with Snort, IPSec
> and a single SSH login is:
>
> --------------------------------------------------------------------------
> # free -t
>              total       used       free     shared    buffers     cached
> Mem:         62948      48392      14556          0       1440       8512
> -/+ buffers/cache:      38440      24508
> Swap:       273096      12996     260100
> Total:      336044      61388     274656
> --------------------------------------------------------------------------
>
> So my recommendation is to either switch off Snort or add at least
> 16MB more RAM.

There is a config line for Snort 2.0 that should be used for low memory machines. We'll soon provide a first fix for 1.3.0 to enable this. Add this line to /etc/snort/snort.conf, just before the frag2 preprocessor:

    config detection: search-method lowmem

and restart snort using /usr/local/bin/restartsnort. On my machine, this limits Snort to 10MB of RAM. I've done some testing with the other options, but couldn't get it down further. It seems you need at least 32MB of RAM to run Snort.

Kind regards,
Mark

--
***************************************************************
* |\    /|     |   /|   /   Mark Wormgoor                     *
* | \  / |     |  / |  /    mailto:ma...@wo...                *
* |  \/  |ark  |/   |/ormgoor  http://www.wormgoor.com/mark/  *
***************************************************************
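
One way to script the snort.conf change described in the message above, as an added example that is not part of the original post or of the distribution's own tooling. The function name `add_lowmem` is hypothetical; it assumes the file contains an active `preprocessor frag2` line and leaves the restart to the command named in the message.

```shell
#!/bin/sh
# Added example: insert the low-memory detection setting into a snort.conf
# immediately before the first active frag2 preprocessor line.
# Safe to run repeatedly: the line is inserted only once.

LOWMEM_LINE='config detection: search-method lowmem'

# add_lowmem FILE  (hypothetical helper name)
# Returns 0 if the line was inserted or is already present,
# 1 if the file is missing or has no active frag2 line to anchor on.
add_lowmem() {
    conf=$1
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # Already configured? Commented-out copies do not count.
    if grep -Eq '^[[:space:]]*config[[:space:]]+detection:[[:space:]]*search-method[[:space:]]+lowmem' "$conf"; then
        return 0
    fi

    # The setting has to go before frag2, so refuse to guess a position.
    if ! grep -Eq '^[[:space:]]*preprocessor[[:space:]]+frag2' "$conf"; then
        echo "no active 'preprocessor frag2' line in $conf" >&2
        return 1
    fi

    tmp=$(mktemp) || return 1
    awk -v line="$LOWMEM_LINE" '
        !done && /^[ \t]*preprocessor[ \t]+frag2/ { print line; done = 1 }
        { print }
    ' "$conf" > "$tmp" || { rm -f "$tmp"; return 1; }

    # Keep a backup, then overwrite in place so ownership and mode are kept.
    cp -p "$conf" "$conf.bak" && cat "$tmp" > "$conf"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Patch the file given as the first argument, if any.
if [ $# -ge 1 ]; then
    add_lowmem "$1"
fi
```

After a successful run, restart Snort with /usr/local/bin/restartsnort as the message says; the previous configuration is kept beside the file with a `.bak` suffix.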