My apologies for dropping the ball on this thread :-(.
- I am running this on a P3-600 MHz, 200 MB memory
system. Is that too
It crticially depends on your traffic volume. In my experience, a machine
like that should be able to monitor a network on the order of a hundred
machines with a 100 Mbps link; but that's somewhat a guess, as most of my
experience is with bigger/faster networks.
- The size of the 'bro.core' file upon the
seg-fault is of the order of 500
Isn't that weird?
This very likely indicates that Bro is crashing because you've reached
the process "datasize" limit. See what "limit datasize" reports.
The response time of my system also increases
That's because, given 200 MB of real memory, when Bro grows beyond that
towards 500 MB, you suffer a great deal of paging.
It appears very likely that you are encountering a memory leak.
Try (1) running the latest release (I just announced 0.8a58),
and, if the problem persists, turning on memory statistics, which
you can do by including "statistics.bro" as a policy script on the
command line or via @load.