Topic: Sleepy SME snort/oinkmaster/guardian/base - server hangs

[rmoria]

Since my install of these contribs, following the instructions given, my server got flooded last night.

I think it started with the following messages:

Code: [Select]

Jul 25 04:04:08 servername snortd: Restarting snortd succeeded
Jul 25 04:06:09 servername kernel: oom-killer: gfp_mask=0x1d2
Jul 25 04:06:10 servername kernel: Mem-info:
Jul 25 04:06:10 servername kernel: DMA per-cpu:
Jul 25 04:06:10 servername kernel: cpu 0 hot: low 2, high 6, batch 1
Jul 25 04:06:10 servername kernel: cpu 0 cold: low 0, high 2, batch 1
Jul 25 04:06:10 servername kernel: Normal per-cpu:
Jul 25 04:06:10 servername kernel: cpu 0 hot: low 28, high 84, batch 14
Jul 25 04:06:10 servername kernel: cpu 0 cold: low 0, high 28, batch 14
Jul 25 04:06:10 servername kernel: HighMem per-cpu: empty
Jul 25 04:06:10 servername kernel:
Jul 25 04:06:10 servername kernel: Free pages:       13000kB (0kB HighMem)
Jul 25 04:06:10 servername kernel: Active:25461 inactive:25681 dirty:0 writeback:0 unstable:0 free:3250 slab:3921 mapped:50771 pagetables:1674
Jul 25 04:06:10 servername kernel: DMA free:12576kB min:28kB low:56kB high:84kB active:0kB inactive:0kB present:16384kB pages_scanned:1330 all_unreclaimable? yes
Jul 25 04:06:11 servername kernel: protections[]: 0 0 0
Jul 25 04:06:12 servername kernel: Normal free:424kB min:452kB low:904kB high:1356kB active:101844kB inactive:102724kB present:237504kB pages_scanned:275418 all_unreclaimable? yes
Jul 25 04:06:12 servername kernel: protections[]: 0 0 0
Jul 25 04:06:12 servername kernel: HighMem free:0kB min:128kB low:256kB high:384kB active:0kB inactive:0kB present:0kB pages_scanned:0 all_unreclaimable? no
Jul 25 04:06:12 servername kernel: protections[]: 0 0 0
Jul 25 04:06:12 servername kernel: DMA: 4*4kB 4*8kB 3*16kB 4*32kB 3*64kB 1*128kB 1*256kB 1*512kB 1*1024kB 1*2048kB 2*4096kB = 12576kB
Jul 25 04:06:13 servername kernel: Normal: 0*4kB 1*8kB 16*16kB 1*32kB 0*64kB 1*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 424kB
Jul 25 04:06:13 servername kernel: HighMem: empty
Jul 25 04:06:13 servername kernel: Swap cache: add 228833, delete 228605, find 295214/307633, race 0+2
Jul 25 04:06:13 servername kernel: 0 bounce buffer pages
Jul 25 04:06:13 servername kernel: Free swap:            0kB
Jul 25 04:06:14 servername kernel: 63472 pages of RAM
Jul 25 04:06:14 servername kernel: 0 pages of HIGHMEM
Jul 25 04:06:14 servername kernel: 1805 reserved pages
Jul 25 04:06:14 servername kernel: 4403 pages shared
Jul 25 04:06:14 servername kernel: 228 pages swap cached
Jul 25 04:06:15 servername kernel: Out of Memory: Killed process 22096 (snort).
Jul 25 04:09:32 servername kernel: oom-killer: gfp_mask=0x1d2
Jul 25 04:09:32 servername kernel: Mem-info:
Jul 25 04:09:32 servername kernel: DMA per-cpu:
Jul 25 04:09:32 servername kernel: cpu 0 hot: low 2, high 6, batch 1
Jul 25 04:09:32 servername kernel: cpu 0 cold: low 0, high 2, batch 1
Jul 25 04:09:32 servername kernel: Normal per-cpu:
Jul 25 04:09:32 servername kernel: cpu 0 hot: low 28, high 84, batch 14
Jul 25 04:09:32 servername kernel: cpu 0 cold: low 0, high 28, batch 14
Jul 25 04:09:32 servername kernel: HighMem per-cpu: empty


Then a few more of these and my server has been swapping untill I rebooted. The server is a p4 2GHz with 256MB memory (mem-upgrade is pending)

Will this happen again and WHAT happened ?

[MasterSleepy]

Hello,

Snort take a lot of memory.
I suggest to not use it with the amount of memory you have.

On my old server, I've 512Mb of ram and snort 2.4 was running, but I have to deactivate squid. So you have to have lot of memory.

Regards.

[vodskapom]

hi.
I have the same problem!
how can i uninistall snort/oinkmaster/guardian/base conribs ?

[MasterSleepy]

Hello,

you can uninstall it like every other rpm

Code: [Select]

rpm -e smeserver-base
rpm -e smeserver-oinkmaster
rpm -e smeserver-guardian
rpm -e smeserver-snort

Regards.

[rmoria]

Thanks for the fast respond. I'll be sure to reinstall it when I get more memory.