[Bro] OOM-killer & Bro

Justin Azoff JAzoff at albany.edu
Thu Feb 6 11:29:54 PST 2014


On Tue, Feb 04, 2014 at 01:19:15PM -0600, Gary Faulkner wrote:
> And the diff:
> 
> 0 app_stats.log
> 0 capture_loss.log
> 395 communication.log
> 1344394 conn.log
> 156170 dns.log
> 1708 dpd.log
> 198478 files.log
> 152 ftp.log
> 221509 http.log
> 12 irc.log
> 12 known_certs.log
> 2299 known_hosts.log
> 185 known_services.log
> 27 notice.log
> 17 reporter.log
> 5049 smtp.log
> 0 socks.log
> 10157 software.log
> 334 ssh.log
> 69693 ssl.log
> 0 stderr.log
> 0 stdout.log
> 77627 syslog.log
> 5 traceroute.log
> 777 tunnel.log
> 57295 weird.log
> 2146295 total


You only had 27 notices, so it wasn't that problem.

I think @load'ing misc/profiling would be a good next troubleshooting
step.  I believe the resulting prof.log can indicate which tables in
memory are growing too large.

-- 
-- Justin Azoff


