Re: [Sguil-users] tclsh8.4 is hogging all my real memory

[Sean M. <sea...@gm...>]

Doh !

I thought I had hit f8 on all the alerts I could see, I think my client 
is having troubles refreshing the screen

looks like I need to tune my snort rules and maybe have a closer look at 
at autocat

thanks for the fast response
I love sguil (but I still obviously have my trainer wheels on)
cheers

Sean
Bamm Visscher wrote:
> Sean,
> 
> Thats the problem. You haven't been categorizing alerts.  There is a
> quick explanation in the USAGE file included in the docs.  Let me know
> if you need further clarification.
> 
> Bammkkkkk
> 
> 
> On 11/9/06, Sean Macleod <sea...@gm...> wrote:
>> Hi Bamm
>> here is the output
>>
>> mysql> SELECT COUNT(*) FROM event WHERE status=0;
>> +----------+
>> | COUNT(*) |
>> +----------+
>> |   176190 |
>> +----------+
>> 1 row in set (0.74 sec)
>>
>> cheers
>>
>> Sean
>>
>> Bamm Visscher wrote:
>>> How many "active" alerts do you have? From a mysql prompt:
>>>
>>> mysql> SELECT COUNT(*) FROM event WHERE status=0;
>>>
>>> Bammkkkk
>>>
>>>
>>> On 11/9/06, Sean Macleod <sea...@gm...> wrote:
>>>> hello,
>>>>
>>>> I am running top on my squild server and top is telling me I only have
>>>> 32M of memory free
>>>>
>>>> here is my top output
>>>>
>>>> is this normal
>>>>
>>>> I am running solaris 9 on a dual CPU sunfire V210 with 2GB ram
>>>>
>>>> sguild is crashing out and dieing if try to look a transcript because of
>>>> the lack of free memory
>>>>
>>>> is this a bug in tcl or normal behavior ?
>>>>
>>>> I am using 8.4.13 compiled using gcc
>>>>
>>>> gcc -v
>>>> Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.9/3.3.2/specs
>>>> Configured with: ../configure --with-as=/usr/ccs/bin/as
>>>> --with-ld=/usr/ccs/bin/ld --disable-nls --disable-libgcj
>>>> --enable-languages=c,c++ : (reconfigured) ../configure
>>>> --with-as=/usr/ccs/bin/as --with-ld=/usr/ccs/bin/ld --disable-nls
>>>> --disable-libgcj --enable-languages=c,c++
>>>> Thread model: posix
>>>> gcc version 3.3.2
>>>>
>>>> top output below
>>>>
>>>> last pid:  3560;  load averages:  0.63,  0.82,  0.87
>>>>                                       15:26:34
>>>> 30 processes:  28 sleeping, 2 on cpu
>>>> CPU states: 49.0% idle,  2.5% user,  2.0% kernel, 46.5% iowait,  0.0% swap
>>>> Memory: 2048M real, 30M free, 2364M swap in use, 278M swap free
>>>>
>>>>     PID USERNAME LWP PRI NICE  SIZE   RES STATE    TIME    CPU COMMAND
>>>>    3524 root       1  59    0 1653M 1261M sleep  215:42 22.55% tclsh8.4
>>>>    3139 mysql     11  59    0  701M  339M sleep   78:29  4.71% mysqld
>>>>     323 root       1  59    0 2120K  856K sleep    2:46  0.04% rpc.rstatd
>>>>    1470 root       1  59    0 2776K  560K cpu/1    0:14  0.00% top
>>>>      64 root       5  59    0 3520K 1912K sleep    0:10  0.00% picld
>>>>    3525 root       1  59    0 4408K 1800K sleep    0:03  0.00% tclsh8.4
>>>>    1439 root       1  59    0 3792K 1512K sleep    0:02  0.00% sshd
>>>>     384 root       1 100  -20 2128K 1256K sleep    0:01  0.00% xntpd
>>>>     307 root       1  59    0 1072K  592K cpu/0    0:00  0.00% utmpd
>>>>     299 root      19  59    0 3256K 1488K sleep    0:00  0.00% nscd
>>>>     289 root      20  59    0 4488K 1328K sleep    0:00  0.00% syslogd
>>>>     329 root       1  59    0 4432K 1264K sleep    0:00  0.00% sendmail
>>>>    1447 root       1  59    0 1896K 1048K sleep    0:00  0.00% ksh
>>>>     298 root       1  59    0 2336K  832K sleep    0:00  0.00% cron
>>>>     458 root       1  59    0 1960K  776K sleep    0:00  0.00% ksh
>>>>
>>>> -------------------------------------------------------------------------
>>>> Using Tomcat but need to do more? Need to support web services, security?
>>>> Get stuff done quickly with pre-integrated technology to make your job easier
>>>> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
>>>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
>>>> _______________________________________________
>>>> Sguil-users mailing list
>>>> Sgu...@li...
>>>> https://lists.sourceforge.net/lists/listinfo/sguil-users
>>>>
>>>
>>
>> -------------------------------------------------------------------------
>> Using Tomcat but need to do more? Need to support web services, security?
>> Get stuff done quickly with pre-integrated technology to make your job easier
>> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
>> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
>> _______________________________________________
>> Sguil-users mailing list
>> Sgu...@li...
>> https://lists.sourceforge.net/lists/listinfo/sguil-users
>>
> 
>