Possible memory leak

Question

Possible memory leak

Closed this issue 2 years ago · 3 comments

We have noticed that with this script in some enviroments we are getting a memory leak for bro/zeek.

We have noticed that in some case, when there are a lot of long/persistent connections, bro/zeek makes our server swap and then crashes.

Answer 1 · 2020-06-26T17:05:27.000Z

Hi,

I believe I know what causes this now. It's not a lot of long connections, but a lot of short ones.

The conn polling keeps a reference to the connection alive which causes higher memory usage. Changing default_durations to include some smaller durations and then ignoring them might fix it, but looking into a different design that would avoid this.

Answer 2 · 2020-06-29T13:27:01.000Z

This PR against zeek should fix the memory usage: zeek/zeek#1035

Answer 3 · 2022-03-14T14:42:15.000Z

I'm going to close this since it was a zeek issue and that was fixed a while ago.