Overview

You can modify the SNORT configuration to reduce its pre-allocated memory for Kerio Control to run with more RAM available; this article provides the steps required to configure SNORT for this purpose.

Process

1. Log in to Kerio Control using SSH.

2. Execute the following command to switch the disk to read-write mode:

   mount -o rw,remount /

3. Go to the /opt/kerio/winroute/snort/templates directory location.

4. Use nano command to edit the file snort.tpl, as shown below:

   nano snort.tpl

5. Locate the stream5_global section.

6. Change the value for max_tcp from 262144 to 131072.

7. Change the value for max_udp from 131072 to 65536.

8. Save the snort.tpl file reboot Kerio Control.

The values max_tcp and max_udp control how many concurrent TCP and UDP sessions SNORT can monitor. In most cases, an installation would never have that many connections going at one time. These variables cause SNORT to pre-allocate memory to handle the sessions. By reducing these values, it should reduce the amount of memory being allocated and allow Kerio Control to run.