Memory Throttling and Big O Impact of "filter"
Digital Ninja
dn1nj4 at gmail.com
Mon Feb 4 04:09:47 EST 2013
Good morning Carter,
I am trying to use racluster (v3.0.6.2) to periodically consolidate about
1500 argus files (~6GB) with the following options:
-M rmon -m saddr proto sport dport -L0 -Z s
And this runs pretty well. It takes about 20 minutes and consumes about
40% of my RAM before completing. However, I can forsee in the future where
I may need to double the amount of data consolidation that occurs and I was
looking for some measures to try to limit the amount of memory argus will
use.
I ran across an old post of a similar vein here:
http://permalink.gmane.org/gmane.network.argus/8306
and tried to implement the following basic racluster.conf filter:
filter="" mode="saddr proto sport dport" status=0 idle=600
When I run racluster with this configuration file, memory utilization was
indeed capped. It never reached over 3%. However, the process also ran
for over 8 hours and never completed (I had to kill it as that is not an
acceptable solution).
So my questions are:
1. What is the best way to limit memory utilization by racluster?
2. What should the expected big O impact of adding filters be?
3. Why is adding the filter causing the jump from 20 minutes to > 8 hours?
Thanks in advance,
dn1nj4
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://pairlist1.pair.net/pipermail/argus/attachments/20130204/18d6e651/attachment.html>
More information about the argus
mailing list