[Bro] Bro Memory Consumtion
Seth Hall
hall.692 at osu.edu
Thu Mar 18 06:46:39 PDT 2010
Instead of loading each of the "logging." scripts, you could just load
enable-ext-logging at the top.
Oh! I think I just noticed your problem (and it's my fault!). Remove
dns-passive-replication.bro from your list of scripts and I think your
memory problems will go away. The two dns scripts need work still. I
may merge the two together at some point, but they don't clean up
after themselves very well yet and they *do* cause bad memory
consumption problems. Sorry about that! I really need to get all of
the documentation written for my scripts. :)
.Seth
On Mar 18, 2010, at 9:30 AM, Powell, Scott wrote:
> I am loading the new one (http-ext-identified-files). I completely
> removed the old script as well as its @load statement.
>
> Here are the scripts of Seth's that I'm currently running:
>
> @load dns-passive-replication
> @load http-ext-identified-files
> @load http-hash
> @load known-hosts
> @load known-services
> @load logging.ftp-ext
> @load logging.http-ext
> @load logging.smtp-ext
> @load logging.ssh-ext
> @load smtp-ext-count-rejects
> @load software-ext
> @load ssh-ext
> @load ssl-ext
>
> -Scott
>
> -----Original Message-----
> From: Justin Azoff [mailto:JAzoff at uamail.albany.edu]
> Sent: Thursday, March 18, 2010 9:27 AM
> To: Powell, Scott
> Cc: Seth Hall; bro at ICSI.Berkeley.EDU
> Subject: Re: [Bro] Bro Memory Consumtion
>
> On Thu, Mar 18, 2010 at 09:25:05AM -0400, Powell, Scott wrote:
>> I synced my scripts up with the latest and greatest from Seth's
>> repository
>> but am still seeing Bro consume all 16gb of memory after only an
>> hour or two.
>> When time permits I will try to debug further to see if I can
>> narrow it down
>> to a particular script/policy.
>
> I forgot to mention, the name of the policy for the file detection
> changed..
> Are you still loading http-identified-files or are you loading
> http-ext-identified-files?
>
> --
> -- Justin Azoff
> -- Network Security & Performance Analyst
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list