In a Slack conversation a community user reported a possible memory leak when observing Brim's Zeek process running on Windows. I attempted to reproduce this and it does seem likely. Importing the 4 GB all.pcap we often test with into Brim v0.17.0 (so, using the Zeek artifact v3.2.0-dev-brim9) and watching in Task Manager, the reported memory use started around 80 MB and gradually climbed throughout the import to a peak of about 570 MB as it finished. Repeating the same on macOS, the Activity Monitor reported that Zeek's memory use ramped to 108.5 MB by the middle of the import process, and the usage remained flat throughout the remainder of import. While I know that Zeek maintains some state during its runs and I'm not surprised to see some ramp, clearly the slope on the Windows side is suspiciously high.

I've confirmed this issue is still present as of GA Brim tagged v0.31.0.

Now that Windows support for Zeek is more official and we're doing builds from current code in https://github.com/brimdata/build-zeek, I had high hopes that this problem would have gone away. Unfortunately it seems I can still reproduce it. I've opened an issue at zeek#3590.

As noted in the last comment, this memory leak is now being tracked in its proper home at zeek#3590. It probably doesn't make sense for us to hold redundant open issues for every problem we've found that ultimately needs to be fixed in another pcap analyzer. Per brimdata/brimcap#337, I plan to consolidate info about such issues in one location (probably the Brimcap wiki) and link to relevant issues from there.

In the meantime, I'm going to close this redundant issue.