[Bro] Bro Memory Consumtion
Powell, Scott
powellsm at musc.edu
Thu Mar 18 06:30:52 PDT 2010
I am loading the new one (http-ext-identified-files). I completely removed the old script as well as its @load statement.
Here are the scripts of Seth's that I'm currently running:
@load dns-passive-replication
@load http-ext-identified-files
@load http-hash
@load known-hosts
@load known-services
@load logging.ftp-ext
@load logging.http-ext
@load logging.smtp-ext
@load logging.ssh-ext
@load smtp-ext-count-rejects
@load software-ext
@load ssh-ext
@load ssl-ext
-Scott
-----Original Message-----
From: Justin Azoff [mailto:JAzoff at uamail.albany.edu]
Sent: Thursday, March 18, 2010 9:27 AM
To: Powell, Scott
Cc: Seth Hall; bro at ICSI.Berkeley.EDU
Subject: Re: [Bro] Bro Memory Consumtion
On Thu, Mar 18, 2010 at 09:25:05AM -0400, Powell, Scott wrote:
> I synced my scripts up with the latest and greatest from Seth's repository
> but am still seeing Bro consume all 16gb of memory after only an hour or two.
> When time permits I will try to debug further to see if I can narrow it down
> to a particular script/policy.
I forgot to mention, the name of the policy for the file detection changed..
Are you still loading http-identified-files or are you loading
http-ext-identified-files?
--
-- Justin Azoff
-- Network Security & Performance Analyst
More information about the Bro
mailing list