[Bro] OOM-killer & Bro
Justin Azoff
JAzoff at albany.edu
Tue Feb 4 10:59:02 PST 2014
On Tue, Feb 04, 2014 at 12:43:14PM -0600, Gary Faulkner wrote:
> 11:30AM
> cat * | wc -l ; sleep 1m ; cat * | wc -l
> 7618833
> 9873332
> diff=2,254,499/min
That is quite a lot of logs... Can you do just a `wc -l *` a minute
apart and diff that? I'm particularly wondering what the rate of
notices/sec you are getting. I recently ran into and fixed an issue
with notice supression using a lot of memory:
https://bro-tracker.atlassian.net/browse/BIT-1115
https://github.com/bro/bro/commit/ec3f684c610f084fdea8ed5cf85f9c4390eb58e6
I wonder if that could be the issue you are running into..
--
-- Justin Azoff
More information about the Bro
mailing list