Overview
You can modify the SNORT configuration to reduce its pre-allocated memory for Kerio Control to run with more RAM available; this article provides the steps required to configure SNORT for this purpose.
Process
-
Log in to Kerio Control using SSH.
-
Execute the following command to switch the disk to read-write mode:
mount -o rw,remount /
-
Go to the
/opt/kerio/winroute/snort/templates
directory location. -
Use
nano
command to edit the file snort.tpl, as shown below:nano snort.tpl
-
Locate the
stream5_global
section. -
Change the value for
max_tcp
from262144
to131072
. -
Change the value for
max_udp
from131072
to65536
. -
Save the snort.tpl file reboot Kerio Control.
The values max_tcp
and max_udp
control how many concurrent TCP and UDP sessions SNORT can monitor. In most cases, an installation would never have that many connections going at one time. These variables cause SNORT to pre-allocate memory to handle the sessions. By reducing these values, it should reduce the amount of memory being allocated and allow Kerio Control to run.