Argus memory issues
Russell Fulton
r.fulton at auckland.ac.nz
Fri Aug 24 21:06:22 EDT 2007
Peter Van Epp wrote:
> Still looking good this morning. It has run all night and is still
> under 300K of memory footprint:
>
>
Hmmm.... not so here:
PID USER PRI NI SIZE RSS SHARE STAT %CPU %MEM TIME CPU COMMAND
9466 snort 25 0 1036M 326M 524 S 3.9
21.7 184:51 1 snort
5751 argus 25 0 360M 338M 444 S 2.9
22.5 233:15 1 argus
5752 argus 25 0 180M 179M 440 S 2.5
11.9 214:08 1 argus
and yes -- I have issues with snort too :( -- I have decieded that 2.7
is what actually what put everything on the slippery slope...
rful011 at monitor-dmzo rful011]$ cat ~argus/sbin/start_argus
#!/usr/bin/perl -w
use POSIX qw(getpid);
use strict;
my $ARGUS = '/home/argus';
my $DATA = "$ARGUS/data";
chdir $DATA or die "Can't chdir to $DATA:$!";
if (fork) {
exec(split(/\s+/, "$ARGUS/sbin/argus -F $ARGUS/config/argus"));
} else {
exec(split(/\s+/, "$ARGUS/sbin/argus -F $ARGUS/config/argus-userdata"));
}
[rful011 at monitor-dmzo rful011]$ ~argus/sbin/argus -h
Argus Version 3.0.0.smallmemory.rc.2
usage: argus [options] [-i interface] [filter-expression]
usage: argus [options] -r packetfile [filter-expression]
For me the small memory version behaves almost exactly the same as the
normal argus ????
On Intel FC6.
After running for about 6 hours the both argus processes stop outputing
data. Presumable the output thread dies.
Hmmmm...... one question -- I need two output streams one with the first
200 bytes of content and the other with just flow data. Is there a
better way of doing it than running two argii?
Russell
More information about the argus
mailing list