Malcolm is a powerful, easily deployable network traffic analysis tool suite for full packet capture artifacts (PCAP files), Zeek logs and Suricata alerts.
When following the default memory allocation recommendation the setup script provides on a system that has no swap configured, OpenSearch repeatedly crashed because it can't allocate enough memory. Problems occurred when the server has below 12 GB memory and no swap configured; it happened on Ubuntu, Debian and OpenSUSE.
To reproduce
Steps to reproduce the behavior:
Server with 8 GB memory and no swap
Install according to documentation
Start Malcolm with the script
Expected behavior
The script should recommend less memory for OpenSearch and Logstash when the system has below 12 GB memory and no swap.
Any helpful log output or screenshots
The following output is shown (not exactly copied)
@mmguero cloned issue idaholab/Malcolm#85 on 2022-03-28: