[Bro] out of memory after a couple days?
Mike Patterson
mike.patterson at uwaterloo.ca
Wed Dec 4 19:34:01 PST 2013
I think you’re definitely running into a memory leak. I’ve had 2.2 processes try to grab up to 100GB of RAM. 8 workers, 96GB of RAM, but the box splits time with another 8 snort workers. My late 2.1 release (september 21 IIRC) was quite a bit more stable.
Mike
On Dec 4, 2013, at 7:05 PM, Gary Faulkner <gary at doit.wisc.edu> wrote:
> I've been running on Bro 2.2 for just under a month mostly without incident. After my most recent restart it ran for about two days since before I received crash reports for several workers and proxies across multiple hosts. Upon investigation it looks like I might have run out of memory. I found logs such as the following in /var/log/messages on all of my nodes (manager and worker nodes):
>
> bro invoked oom-killer
> ...
> Out of memory: Kill process 7152 (bro) score 151 or sacrifice child
>
> Has anyone seen this before? Is this just a sign I need more RAM or am I possibly running into a memory leak? I have run for up to a week without incident in the past before restarting of my own accord after making various changes to reporting, policy etc. The only thing I changed prior to the last restart was to disable an email notice I had previously set.
>
> Regards,
>
> --
> Gary Faulkner
> UW Madison
> Office of Campus Information Security
> 608-262-8591
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list