[Bro] OOM-killer & Bro

Justin Azoff JAzoff at albany.edu
Tue Feb 4 10:59:02 PST 2014

On Tue, Feb 04, 2014 at 12:43:14PM -0600, Gary Faulkner wrote:
> 11:30AM
> cat * | wc -l ; sleep 1m ; cat * | wc -l
> 7618833
> 9873332
> diff=2,254,499/min

That is quite a lot of logs... Can you do just a `wc -l *` a minute
apart and diff that?  I'm particularly wondering what the rate of
notices/sec you are getting.  I recently ran into and fixed an issue
with notice supression using a lot of memory:


I wonder if that could be the issue you are running into..

-- Justin Azoff

More information about the Bro mailing list