Re: [Snort-users] snort keeps dying!!!
This is a discussion on Re: [Snort-users] snort keeps dying!!! within the Snort forums, part of the System Security and Security Related category; --===============1961246926== Content-Type: multipart/alternative; boundary="_2012f70a-58e0-46ce-9ba3-32cfe7a5da0d_" --_2012f70a-58e0-46ce-9ba3-32cfe7a5da0d_ Content-Type: ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-06-2007
|
|||
|
|||
Re: [Snort-users] snort keeps dying!!!
--===============1961246926==
Content-Type: multipart/alternative; boundary="_2012f70a-58e0-46ce-9ba3-32cfe7a5da0d_" --_2012f70a-58e0-46ce-9ba3-32cfe7a5da0d_ Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable The better questions: =0A= =0A= Are you trying to run ALL SIGNATURES (including bleeding threats, and the S= tormworm IP Signatures, about 15,000 signatures)?? =0A= =0A= How much bandwidth is this firewall handling? (Mb/s) =0A= =0A= Run Snort in non-daemon mode, and see the error you get when it stops runni= ng.=20 =0A= =0A= =0A= Shirkdog =0A= ' or 1=3D1-- =0A= =0A= =0A= http://www.shirkdog.us > Date: Thu, 6 Sep 2007 12:20:32 -0400 > From: joel.esler@sourcefire.com > To: titanyen2000@yahoo.com; snort-users@lists.sourceforge.net > Subject: Re: [Snort-users] snort keeps dying!!! >=20 > We'll probably need some kind of debug output to find out why it's dying > since it's not printing any error messages. >=20 > Are you running out of RAM on the box when Snort dies? >=20 > J >=20 >=20 > On 9/6/07 12:16 PM, "Zakai Kinan" <titanyen2000@yahoo.com> mentioned to m= e: >=20 > > The firewall is using Debian Etch 4.1. It is a Dell > > PE 2950. I have nothing in the logs. Version 2.6.1.5 > > worked fine until I upgraded to latest version. > >=20 > >=20 > > ZK > > =20 > > --- Joel Esler <joel.esler@sourcefire.com> wrote: > >=20 > >> What OS? What hardware? Do you have anything in > >> your system log? > >>=20 > >> Joel > >>=20 > >>=20 > >> On 9/6/07 11:57 AM, "Zakai Kinan" > >> <titanyen2000@yahoo.com> mentioned to me: > >>=20 > >>> I just upgraded from 2.6.1.5 to 2.7.0.1 and now > >> snort > >>> keeps dying with no error messages. I am using > >>> snortsam, flex_resp2, and react. I have lowered > >> the > >>> memory config to lowmem. The firewall has two > >> cpus > >>> and 4GB of ram. I start the daemaon and 2 minutes > >>> later it stops suddenly. Has anyone else > >> encounter > >>> this problem? > >>>=20 > >>> TIA, > >>>=20 > >>> ZK > >>>=20 > >>>=20 > >>> =20 > >>>=20 > >>=20 > > __________________________________________________ _____________________= _______ > >>> ______ > >>> Need a vacation? Get great deals > >>> to amazing places on Yahoo! Travel. > >>> http://travel.yahoo.com/ > >>>=20 > >>>=20 > >>=20 > > -----------------------------------------------------------------------= -- > >>> This SF.net email is sponsored by: Splunk Inc. > >>> Still grepping through log files to find problems? > >> Stop. > >>> Now Search log events and configuration files > >> using AJAX and a browser. > >>> Download your FREE copy of Splunk now >> > >> http://get.splunk.com/ > >>> _______________________________________________ > >>> Snort-users mailing list > >>> Snort-users@lists.sourceforge.net > >>> Go to this URL to change user options or > >> unsubscribe: > >>>=20 > >>=20 > > https://lists.sourceforge.net/lists/...fo/snort-users > >>> Snort-users list archive: > >>>=20 > >>=20 > > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users > >>>=20 > >>=20 > >> -- > >> joel esler | security consultant | Sourcefire | pgp > >> is public > >>=20 > >>=20 > >>=20 > >=20 > >=20 > >=20 > > =20 > > __________________________________________________ _____________________= _______ > > ______ > > Shape Yahoo! in your own image. Join our Network Research Panel today! > > http://surveylink.yahoo.com/gmrs/yah...vite.asp?a=3D7 > >=20 > >=20 > >=20 > > -----------------------------------------------------------------------= -- > > This SF.net email is sponsored by: Splunk Inc. > > Still grepping through log files to find problems? Stop. > > Now Search log events and configuration files using AJAX and a browser. > > Download your FREE copy of Splunk now >> http://get.splunk.com/ > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or unsubscribe: > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users > >=20 >=20 > -- > joel esler | security consultant | Sourcefire | pgp is public >=20 >=20 >=20 > ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? Stop. > Now Search log events and configuration files using AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/ > _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...=3Dsnort-users __________________________________________________ _______________ Connect to the next generation of MSN Messenger=A0 http://imagine-msn.com/messenger/lau...3Den-us&sourc= e=3Dwlmailtagline= --_2012f70a-58e0-46ce-9ba3-32cfe7a5da0d_ Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable <html> <head> <style> ..hmmessage P { margin:0px; padding:0px } body.hmmessage { FONT-SIZE: 10pt; FONT-FAMILY:Tahoma } </style> </head> <body class=3D'hmmessage'><div style=3D"text-align: left;"><br></div><br><d= iv style=3D"text-align: left;">The better questions:<br>=0A= <br>=0A= Are you trying to run ALL SIGNATURES (including bleeding threats, and the S= tormworm IP Signatures, about 15,000 signatures)??<br>=0A= <br>=0A= How much bandwidth is this firewall handling? (Mb/s)<br>=0A= <br>=0A= Run Snort in non-daemon mode, and see the error you get when it stops runni= ng. <br>=0A= <br>=0A= </div>=0A= <br>Shirkdog<br>=0A= ' or 1=3D1-- =0A= =0A= <br>=0A= http://www.shirkdog.us<br><hr id=3D"stopSpelling">> Date: Thu, 6 Sep 200= 7 12:20:32 -0400<br>> From: joel.esler@sourcefire.com<br>> To: titany= en2000@yahoo.com; snort-users@lists.sourceforge.net<br>> Subject: Re: [S= nort-users] snort keeps dying!!!<br>> <br>> We'll probably need some = kind of debug output to find out why it's dying<br>> since it's not prin= ting any error messages.<br>> <br>> Are you running out of RAM on the= box when Snort dies?<br>> <br>> J<br>> <br>> <br>> On 9/6/0= 7 12:16 PM, "Zakai Kinan" <titanyen2000@yahoo.com> mentioned to me:<b= r>> <br>> > The firewall is using Debian Etch 4.1. It is a Dell<b= r>> > PE 2950. I have nothing in the logs. Version 2.6.1.5<br>> = > worked fine until I upgraded to latest version.<br>> > <br>> = > <br>> > ZK<br>> > <br>> > --- Joel Esler <joel.= esler@sourcefire.com> wrote:<br>> > <br>> >> What OS? Wh= at hardware? Do you have anything in<br>> >> your system log?<br>= > >> <br>> >> Joel<br>> >> <br>> >> <br= >> >> On 9/6/07 11:57 AM, "Zakai Kinan"<br>> >> <titan= yen2000@yahoo.com> mentioned to me:<br>> >> <br>> >>&g= t; I just upgraded from 2.6.1.5 to 2.7.0.1 and now<br>> >> snort<b= r>> >>> keeps dying with no error messages. I am using<br>>= >>> snortsam, flex_resp2, and react. I have lowered<br>> >= > the<br>> >>> memory config to lowmem. The firewall has tw= o<br>> >> cpus<br>> >>> and 4GB of ram. I start the d= aemaon and 2 minutes<br>> >>> later it stops suddenly. Has any= one else<br>> >> encounter<br>> >>> this problem?<br>&= gt; >>> <br>> >>> TIA,<br>> >>> <br>> &= gt;>> ZK<br>> >>> <br>> >>> <br>> >>= > <br>> >>> <br>> >> <br>> > _________= __________________________________________________ ___________________<br>&g= t; >>> ______<br>> >>> Need a vacation? Get great deal= s<br>> >>> to amazing places on Yahoo! Travel.<br>> >>= > http://travel.yahoo.com/<br>> >>> <br>> >>> <b= r>> >> <br>> > ---------------------------------------------= ----------------------------<br>> >>> This SF.net email is spon= sored by: Splunk Inc.<br>> >>> Still grepping through log files= to find problems?<br>> >> Stop.<br>> >>> Now Search = log events and configuration files<br>> >> using AJAX and a browse= r.<br>> >>> Download your FREE copy of Splunk now >><br>&= gt; >> http://get.splunk.com/<br>> >>> __________________= _____________________________<br>> >>> Snort-users mailing list= <br>> >>> Snort-users@lists.sourceforge.net<br>> >>>= ; Go to this URL to change user options or<br>> >> unsubscribe:<br= >> >>> <br>> >> <br>> > https://lists.sourceforg= e.net/lists/listinfo/snort-users<br>> >>> Snort-users list arch= ive:<br>> >>> <br>> >> <br>> > http://www.geocra= wler.com/redir-sf.php3?list=3Dsnort-users<br>> >>> <br>> >= ;> <br>> >> --<br>> >> joel esler | security consultan= t | Sourcefire | pgp<br>> >> is public<br>> >> <br>> &= gt;> <br>> >> <br>> > <br>> > <br>> > <br>>= ; > <br>> > ________________________________________________= ______________________________<br>> > ______<br>> > Shape Yahoo= ! in your own image. Join our Network Research Panel today!<br>> > h= ttp://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=3D7<br>> > <= br>> > <br>> > <br>> > ----------------------------------= ---------------------------------------<br>> > This SF.net email is s= ponsored by: Splunk Inc.<br>> > Still grepping through log files to f= ind problems? Stop.<br>> > Now Search log events and configuration f= iles using AJAX and a browser.<br>> > Download your FREE copy of Splu= nk now >> http://get.splunk.com/<br>> > ______________________= _________________________<br>> > Snort-users mailing list<br>> >= ; Snort-users@lists.sourceforge.net<br>> > Go to this URL to change u= ser options or unsubscribe:<br>> > https://lists.sourceforge.net/list= s/listinfo/snort-users<br>> > Snort-users list archive:<br>> > = http://www.geocrawler.com/redir-sf.php3?list=3Dsnort-users<br>> > <br= >> <br>> --<br>> joel esler | security consultant | Sourcefire | p= gp is public<br>> <br>> <br>> <br>> ---------------------------= ----------------------------------------------<br>> This SF.net email is= sponsored by: Splunk Inc.<br>> Still grepping through log files to find= problems? Stop.<br>> Now Search log events and configuration files usi= ng AJAX and a browser.<br>> Download your FREE copy of Splunk now >&g= t; http://get.splunk.com/<br>> ________________________________________= _______<br>> Snort-users mailing list<br>> Snort-users@lists.sourcefo= rge.net<br>> Go to this URL to change user options or unsubscribe:<br>&g= t; https://lists.sourceforge.net/lists/listinfo/snort-users<br>> Snort-u= sers list archive:<br>> http://www.geocrawler.com/redir-sf.php3?list=3Ds= nort-users<br><br /><hr />Connect to the next generation of MSN Messenger= =A0 <a href=3D'http://imagine-msn.com/messenger/launch80/default.aspx?loca= le=3Den-us&source=3Dwlmailtagline' target=3D'_new'>Get it now! </a></body> </html>= --_2012f70a-58e0-46ce-9ba3-32cfe7a5da0d_-- --===============1961246926== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ --===============1961246926== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users --===============1961246926==-- 
|
 |
«
Previous Thread
|
Next Thread
»
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
All times are GMT +1. The time now is 05:42 AM.
