[Bro] OOM-killer & Bro
gary at doit.wisc.edu
Mon Feb 3 15:06:17 PST 2014

Quick question for those of you running Bro clusters. I often run into
situations where OOM-killer invokes and kills some Bro process. Do any
of you do anything to tune OOM-killer on Linux or otherwise tune memory
management, such as disabling OOM-killer, turning off swap, etc.?

Background: I've had various success tracking down the events that
cause me to suddenly run out of memory and ultimately crash. Sometimes
it seems to be the result of log rotation getting stuck on a really big
file (8Gig http or dns log), or a sudden 10G traffic spike overwhelming
the cluster. I've pursued various avenues to mitigate the issue such as
shorter log rotation intervals, pruning known high throughput compute
traffic, scheduling daily restarts etc. Ultimately I'm also looking to
increase RAM, but I'm concerned even with more RAM, I'm just a traffic
spike away from OOM-killer, especially since we are unlikely to be able
to buy cluster hardware fast enough to keep up with traffic volumes.

Office of Campus Information Security