Re: [IPCop-devel] 1.3 to slow for old machines

[Mark W. <ma...@wo...>]

Hi,

John Edwards wrote:
> Is Snort (the Intrusion Detection System) turned on ?
> 
> The latest version of Snort (v2) uses a lot more memory (about 40MB)
> and I suspect that this is causing the DNS server and other programs 
> to be moved into swap, hence the delay.
> 
> I've got v1.3.0 on a P166 with 64MB of RAM running an ADSL line and 
> that has no noticable speed slow downs. Memory use with Snort, IPSec
> and a single SSH login is:
> 
> --------------------------------------------------------------------------
> # free -t
>              total       used       free     shared    buffers     cached
> Mem:         62948      48392      14556          0       1440       8512
> -/+ buffers/cache:      38440      24508
> Swap:       273096      12996     260100
> Total:      336044      61388     274656
> --------------------------------------------------------------------------
> 
> So my recomendation is to either switch off Snort or add at least 
> 16MB more RAM.

There is a config line for Snort 2.0 that should be used for low memory 
machines.  We'll soon provide a first fix for 1.3.0 to enable this.  Add 
this line to /etc/snort/snort.conf, just before the frag2 preprocessor:

config detection: search-method lowmem

and restart snort using /usr/local/bin/restartsnort.
On my machine, this limits Snort to 10MB of RAM.  I've done some testing 
with the other options, but couldn't get it down further.  It seems you 
need at least 32MB of RAM to run Snort.

Kind regards,

Mark
-- 
***************************************************************
* |\    /|      |  /|  /       Mark Wormgoor                  *
* | \  / |      | / | /        mailto:ma...@wo...       *
* |  \/  |ark   |/  |/ormgoor  http://www.wormgoor.com/mark/  *
***************************************************************