I had talked about this previously when 7.45 was first released. Snort runs 2 instances when running on dual proc/core machine; therefore twice the memory usage.
I acutally notice my own ASG running quite lean, with over now 8600 patterns (up first by an addition of around 1300 more rules, and now another 300).
The mem usage is currently sitting at just over 300MB, with IPS, Web, VPNs, and other things running.
As all Astaro appliances with Dual Core CPU's have 2gb+ of memory, please let us know if you see high ram usages on lower memory systems with true dual cores. (AFAIK hyper threading doesn't cause multi-instance spawns, but i will check this).
Hi Angelo,
I just installed 7.460 on my single-core Atom system, and I've now got 2 snort processes running, consuming lots of RAM.
Thanks,
Barry
Astaro Beta Report
--------------------------------
Version: 7.460
Type: BUG
State: FIXED
Reporter: Billybob
Contributor:
MantisID: 10797
--------------------------------
The number of snort instances can be reduced to reduce memory usage.
The number of snort instances can be reduced to reduce memory usage.
The option is not offered via webadmin, but is adjustable via confd-client.
$ cc
MAIN- > ips -> num_instances
You can set the value with '=1' to have only one instance.
0 is used for auto selection.
top - 21:22:35 up 3 days, 1:35, 1 user, load average: 0.07, 0.10, 0.04
Tasks: 108 total, 2 running, 104 sleeping, 0 stopped, 2 zombie
Cpu(s): 0.0%us, 1.0%sy, 0.0%ni, 96.0%id, 0.0%wa, 0.0%hi, 3.0%si, 0.0%st
Mem: 1036344k total, 1004376k used, 31968k free, 30732k buffers
Swap: 1052248k total, 5740k used, 1046508k free, 171748k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4944 root 14 -1 207m 186m 1896 S 0.3 18.4 3:54.90 snort_inline
13056 chroot 16 0 295m 121m 4340 S 0.0 12.0 1:22.83 httpproxy
4391 chroot 16 0 83284 63m 1024 S 0.0 6.3 4:51.49 clamd
3457 root 16 0 53436 48m 3508 S 0.0 4.8 1:03.47 mdw_daemon.plx
13063 root 16 0 75480 45m 2488 S 0.0 4.5 0:51.28 cssd
3096 root 15 0 44128 41m 1012 S 0.0 4.1 0:39.86 vmware-guestd
25702 wwwrun 16 0 48028 41m 3608 S 0.0 4.1 0:02.05 index.plx
25767 wwwrun 16 0 39040 32m 3412 S 0.0 3.2 0:01.09 asg.plx
4273 root 15 0 30268 22m 2216 S 0.0 2.2 0:19.30 smtpd.bin
25704 root 15 0 37252 20m 2688 S 0.0 2.0 0:00.94 confd.plx
25768 root 18 0 35164 19m 2372 S 0.0 1.9 0:00.19 confd.plx
20819 root 16 0 34928 19m 2408 S 0.0 1.9 0:00.19 confd.plx
3165 root 15 0 30660 16m 3832 S 0.0 1.7 0:12.40 confd.plx
4343 root 16 0 23688 15m 2052 S 0.0 1.6 0:02.02 smtpd.bin
3416 postgres 15 0 48952 15m 15m S 0.0 1.6 0:00.92 postgres
20817 wwwrun 16 0 21972 15m 3056 S 0.0 1.5 0:00.39 index.plx
3219 root 16 0 29888 13m 1428 S 0.0 1.4 0:31.22 confd.plx
3271 root 16 0 18340 11m 3388 S 0.0 1.2 0:01.38 notifier.plx
4090 postgres 16 0 49640 10m 10m S 0.0 1.1 0:01.84 postgres
3169 root 16 0 13860 10m 2088 S 0.0 1.0 0:33.80 dns-resolver.pl
3258 root 15 0 16076 10m 1820 S 0.0 1.0 0:00.08 aua.bin
4251 root 16 0 28320 9956 7408 S 0.0 1.0 3:15.54 ctasd
3486 root 15 0 14744 9516 2540 S 0.3 0.9 13:57.08 selfmonng.plx
4292 afcd 14 -1 11188 8720 1200 S 0.3 0.8 5:48.02 afcd
26095 root 16 0 10912 8480 2848 S 0.0 0.8 0:02.02 ips-reporter.pl
3763 root 15 0 11236 8476 1696 S 0.0 0.8 0:22.31 named
26098 root 16 0 10752 8232 2728 S 0.0 0.8 0:02.32 pfilter-reporte
20893 postgres 16 0 50104 8004 6832 S 0.0 0.8 0:00.19 postgres
26099 root 15 0 9596 7992 2496 S 0.0 0.8 0:01.44 admin-reporter.
26092 root 16 0 9916 7444 2656 S 0.0 0.7 0:06.52 websec-reporter
3527 root 16 0 14188 6916 540 S 0.0 0.7 0:00.02 selfmonng.plx
26093 root 15 0 9452 6892 2656 S 0.0 0.7 0:01.89 mailsec-reporte
26113 root 16 0 9016 6716 2700 S 0.0 0.6 0:01.26 ddclient
4354 postgres 16 0 50000 6624 5556 S 0.0 0.6 0:01.53 postgres
3409 postgres 16 0 48816 5328 5016 S 0.0 0.5 0:33.44 postgres
3217 root 16 0 8172 5200 1528 S 0.0 0.5 0:01.14 sysmond
20888 root 34 19 8972 4848 1624 S 0.0 0.5 0:00.08 snmpd
4153 postgres 15 0 50032 4720 3628 S 0.0 0.5 0:03.04 postgres
25824 postgres 16 0 50040 4392 3256 S 0.0 0.4 0:00.08 postgres
26094 root 16 0 6616 4188 2032 S 0.0 0.4 0:00.42 vpn-reporter.pl
4117 root 16 0 5336 3928 1432 S 0.0 0.4 0:00.50 hald
4077 root 16 0 7380 3208 2260 S 0.0 0.3 0:00.09 httpd
25715 wwwrun 16 0 7628 3176 1860 S 0.0 0.3 0:00.02 httpd
25760 wwwrun 16 0 7972 3156 1860 S 0.0 0.3 0:00.02 httpd
26168 chroot 15 0 7340 2328 1880 S 0.0 0.2 0:01.15 exim
25804 root 16 0 7220 2308 1768 S 0.0 0.2 0:00.02 sshd
4079 wwwrun 16 0 7192 1952 992 S 0.0 0.2 0:00.01 httpd
25839 root 15 0 2852 1692 1280 S 0.0 0.2 0:00.01 bash
26031 root 16 0 4468 1668 1376 S 0.0 0.2 0:00.01 pluto
top - 12:59:52 up 5 days, 19:39, 1 user, load average: 0.05, 0.05, 0.01
Tasks: 116 total, 1 running, 113 sleeping, 0 stopped, 2 zombie
Cpu(s): 0.7%us, 0.2%sy, 0.0%ni, 98.8%id, 0.3%wa, 0.0%hi, 0.0%si, 0.0%st
Mem: 2075084k total, 1546388k used, 528696k free, 436716k buffers
Swap: 1052248k total, 0k used, 1052248k free, 695960k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
2626 root 14 -1 151m 134m 2092 S 0 6.7 47:43.57 snort_inline
3189 root 16 0 54352 49m 3480 S 0 2.5 1:04.67 mdw_daemon.plx
3929 postgres 16 0 49644 36m 35m S 0 1.8 2:21.51 postgres
3148 postgres 15 0 48956 34m 33m S 0 1.7 0:01.71 postgres
4170 root 15 0 35660 27m 2208 S 0 1.4 16:04.35 smtpd.bin
2909 root 15 0 30764 16m 3836 S 0 0.8 0:31.76 confd.plx
4192 root 16 0 23508 15m 1848 S 0 0.8 0:00.82 smtpd.bin
2965 root 16 0 30052 13m 1428 S 0 0.7 0:05.96 confd.plx
The number of snort instances can be reduced to reduce memory usage.
The option is not offered via webadmin, but is adjustable via confd-client.
$ cc
MAIN- > ips -> num_instances
You can set the value with '=1' to have only one instance.
0 is used for auto selection.
Owner: Emmanuel Technology Consulting
Former Sophos SG(Astaro) advocate/researcher/Silver Partner
PfSense w/Suricata, ntopng,
Other addons to follow
