Argus memory issues

[Russell Fulton]

Hi All,

Sorry, I'm a bit late to the party :)

I have just restarted argus on the sensor that I have been having
trouble with and in a couple of hours one instance of argus has grown to
well over 200MB (this one is collecting content).  One on the same
machine just collecting flow data is now at 99MB  both are still increasing.

No wonder the box is starting to swap.

Do we have any idea when this bug crept in?  So far as I can tell I
started having problems less than a month ago roughly coincident with
installing the 3.0.0.0 release veriom.  Previously I had been running
RC40 without problems since February.   Yesterday I went back to RC40
and I am having the same trouble.

I wonder if there is some new application that is tickling this bug in
argus -- e.g. changes to SKYPE or something like that that both Peter
and I would see but commercial folk would block.  I'd love to blame
storm worm but we have not seen much of it here.

One other observation: argus keeps *all* its memory in physical memory
-- it does not get swapped out so this is killing snort which is getting
swapped aggressively.

Russell