[Bro] Memory Issue with Bro
Azoff, Justin S
jazoff at illinois.edu
Fri Oct 2 09:21:59 PDT 2015
> On Sep 30, 2015, at 11:55 AM, Joe Blow <blackhole.em at gmail.com> wrote:
>
> I'm super interested in this thread, as I believe i'm experiencing the same memory leak, using the solarflare cards.
> i'm running a similar setup, with 20 workers and lots of traffic, but i'm having to bounce the entire NIC once Bro goes haywire. Bro doesn't take too long before it's wiped the whole box out of memory (all 192GB).
>
> Please let me know how to troubleshooting goes. I'm happy to provide logs.
>
> Cheers,
>
> JB
Memory leaks are tricky. It is important to make a distinction about what component is using a lot of memory:
1) the workers - analyzer issues and leaks in general would show up here.
2) the proxies - communication related
3) the manager - child - if the manager is overloaded the child will buffer log data
4) the manager - parent - if a logging destination is overloaded the parent will buffer log writes
If your manager processes are using a lot of ram, that doesn't have anything to do with the capture library in use.
--
- Justin Azoff
More information about the Bro
mailing list