[Bro] out of memory after a couple days?
sconzo at visiblerisk.com
Thu Dec 5 08:39:57 PST 2013
Ooops, that's drops, here's ram. The past 24 (time since last restart)
have been pretty kind so far, but still some differences.
Name Type Node Pid Proc VSize Rss
manager manager 184.108.40.206 5075 child 153M 36M
manager manager 220.127.116.11 5070 parent 3G 1G
proxy-1 proxy 18.104.22.168 5179 child 165M 49M
proxy-1 proxy 22.214.171.124 5131 parent 260M 157M
worker-1-1 worker 126.96.36.199 5303 parent 444M 343M
worker-1-1 worker 188.8.131.52 5313 child 199M 90M
worker-1-2 worker 184.108.40.206 5307 parent 6G 6G
worker-1-2 worker 220.127.116.11 5314 child 199M 90M
worker-1-3 worker 18.104.22.168 5326 child 199M 90M
worker-1-3 worker 22.214.171.124 5306 parent 512M 410M
worker-1-4 worker 126.96.36.199 5308 parent 562M 463M
worker-1-4 worker 188.8.131.52 5329 child 199M 90M
worker-1-5 worker 184.108.40.206 5302 parent 2G 2G
worker-1-5 worker 220.127.116.11 5318 child 199M 90M
worker-1-6 worker 18.104.22.168 5305 parent 2G 2G
worker-1-6 worker 22.214.171.124 5315 child 199M 90M
worker-1-7 worker 126.96.36.199 5304 parent 1G 1G
worker-1-7 worker 188.8.131.52 5328 child 199M 90M
worker-1-8 worker 184.108.40.206 5327 child 199M 90M
worker-1-8 worker 220.127.116.11 5301 parent 2G 2G
On Thu, Dec 5, 2013 at 10:32 AM, Mike Sconzo <sconzo at visiblerisk.com> wrote:
> Only a couple of out my 8.
> Past 24hrs.
> Bro Netowrk Summary
> worker-1-1: 1386256281.234408 recvd=129751113 dropped=15 link=129751113
> worker-1-2: 1386256281.438440 recvd=140506954 dropped=539300 link=140506954
> worker-1-3: 1386256281.638378 recvd=117420631 dropped=1043252 link=117420631
> worker-1-4: 1386256281.838171 recvd=163357938 dropped=17 link=163357938
> worker-1-5: 1386256282.038370 recvd=145517241 dropped=52855 link=145517241
> worker-1-6: 1386256282.238350 recvd=144958714 dropped=18 link=144958714
> worker-1-7: 1386256282.438315 recvd=185940362 dropped=31 link=185940362
> worker-1-8: 1386256282.638694 recvd=158251689 dropped=33170 link=158251689
> On Thu, Dec 5, 2013 at 10:20 AM, Seth Hall <seth at icir.org> wrote:
>> On Dec 5, 2013, at 9:12 AM, Mike Patterson <mike.patterson at uwaterloo.ca> wrote:
>>> That was my assumption too. I upgraded on 8 November, leaked early AM 16th, and then again on the 29th. Traffic would have been at an ebb on the 16th, and rising on the 29th, so I don’t think it’s sheer volume - as you say, there must be something *in* the traffic. Or more likely, a sequence of things, otherwise I expect 2.2 would be vomiting all over my RAM far more often.
>> Another question I had is if you're only seeing it on a couple of worker processes or if it's all of them?
>> That might narrow it down a bit to tell us if it's just a single connection doing something weird that is causing it or if it's something larger.
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> Bro mailing list
>> bro at bro-ids.org
> cat ~/.bash_history > documentation.txt
cat ~/.bash_history > documentation.txt
More information about the Bro