[Bro] Memory Consumption

Jason Batchelor jxbatchelor at gmail.com
Thu Jun 26 08:12:56 PDT 2014


Hello Everyone:

I have a question concerning Bro memory utilization. I have two servers,
both with the following specs...

Intel(R) Xeon(R) CPU E5-2670 0 @ 2.60GHz x 32
48GB RAM
Running: CentOS 6.5

w/ PF_RING running on 16 workers with 65536 ring slots.

I have Suricata and Bro running fine on one server (server A). Then I just
have Bro running on another server by itself (server B).

Both servers see about the same amount of data at peak load (~1gb/s).

On server A, memory utilization operates at capacity, with Bro and suri
taking up just about all there is.

On server B, memory utilization operates at capacity as well? With Bro
slowly but surely consuming just about all available memory until it leaves
me with about 200k free for the rest of the system. This same behavior is
seen on server A as well, however, server A is seemingly stable with two
apps running? At certain points about a gig of memory is freed up, but then
it gets consumed all over again to that 200k threshold.

What is going on here? Is it normal for Bro to take up as much memory as it
can? Are others experiencing this too? Is there something I can do to
restrict Bro from being such a memory hog?

I was considering getting more memory for the servers, however based on
these tests I cannot be certain Bro will not just run away with the new
memory I give it in the same fashion :)

FWIW, I have been experiencing this with Bro 2.2 and 2.3.

Many thanks in advance for the help!

Thanks,
Jason