Re: [Snort-users] snort keeps dying!!!
This is a discussion on Re: [Snort-users] snort keeps dying!!! within the Snort forums, part of the System Security and Security Related category; No, I am not trying to run all of the sigs. I have a long disabled list. I only run ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
09-06-2007
|
|||
|
|||
Re: [Snort-users] snort keeps dying!!!
No, I am not trying to run all of the sigs. I have a
long disabled list. I only run some from bleeding and snort community. I get a Segmentation fault error when not in daemon mode. I only have a T1 so my bandwidth usage is limited. I am not running out of memory when it stops. Snort is currently setup with lowmem config. I thought of the same thing. It was setup as AC in 2.6.1.5 and it worked fine. Thanks again, ZK --- "M. Shirk" <shirkdog_list@hotmail.com> wrote: > > > The better questions: > > > > Are you trying to run ALL SIGNATURES (including > bleeding threats, and the Stormworm IP Signatures, > about 15,000 signatures)?? > > > > How much bandwidth is this firewall handling? (Mb/s) > > > > Run Snort in non-daemon mode, and see the error you > get when it stops running. > > > > > > Shirkdog > > ' or 1=1-- > > > > http://www.shirkdog.us > > Date: Thu, 6 Sep 2007 12:20:32 -0400 > > From: joel.esler@sourcefire.com > > To: titanyen2000@yahoo.com; > snort-users@lists.sourceforge.net > > Subject: Re: [Snort-users] snort keeps dying!!! > > > > We'll probably need some kind of debug output to > find out why it's dying > > since it's not printing any error messages. > > > > Are you running out of RAM on the box when Snort > dies? > > > > J > > > > > > On 9/6/07 12:16 PM, "Zakai Kinan" > <titanyen2000@yahoo.com> mentioned to me: > > > > > The firewall is using Debian Etch 4.1. It is a > Dell > > > PE 2950. I have nothing in the logs. Version > 2.6.1.5 > > > worked fine until I upgraded to latest version. > > > > > > > > > ZK > > > > > > --- Joel Esler <joel.esler@sourcefire.com> > wrote: > > > > > >> What OS? What hardware? Do you have anything > in > > >> your system log? > > >> > > >> Joel > > >> > > >> > > >> On 9/6/07 11:57 AM, "Zakai Kinan" > > >> <titanyen2000@yahoo.com> mentioned to me: > > >> > > >>> I just upgraded from 2.6.1.5 to 2.7.0.1 and > now > > >> snort > > >>> keeps dying with no error messages. I am > using > > >>> snortsam, flex_resp2, and react. I have > lowered > > >> the > > >>> memory config to lowmem. The firewall has two > > >> cpus > > >>> and 4GB of ram. I start the daemaon and 2 > minutes > > >>> later it stops suddenly. Has anyone else > > >> encounter > > >>> this problem? > > >>> > > >>> TIA, > > >>> > > >>> ZK > > >>> > > >>> > > >>> > > >>> > > >> > > > > __________________________________________________ ____________________________ > > >>> ______ > > >>> Need a vacation? Get great deals > > >>> to amazing places on Yahoo! Travel. > > >>> http://travel.yahoo.com/ > > >>> > > >>> > > >> > > > > ------------------------------------------------------------------------- > > >>> This SF.net email is sponsored by: Splunk Inc. > > >>> Still grepping through log files to find > problems? > > >> Stop. > > >>> Now Search log events and configuration files > > >> using AJAX and a browser. > > >>> Download your FREE copy of Splunk now >> > > >> http://get.splunk.com/ > > >>> > _______________________________________________ > > >>> Snort-users mailing list > > >>> Snort-users@lists.sourceforge.net > > >>> Go to this URL to change user options or > > >> unsubscribe: > > >>> > > >> > > > > https://lists.sourceforge.net/lists/...fo/snort-users > > >>> Snort-users list archive: > > >>> > > >> > > > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > >>> > > >> > > >> -- > > >> joel esler | security consultant | Sourcefire | > pgp > > >> is public > > >> > > >> > > >> > > > > > > > > > > > > > > > > __________________________________________________ ____________________________ > > > ______ > > > Shape Yahoo! in your own image. Join our > Network Research Panel today! > > > > http://surveylink.yahoo.com/gmrs/yah...invite.asp?a=7 > > > > > > > > > > > > > ------------------------------------------------------------------------- > > > This SF.net email is sponsored by: Splunk Inc. > > > Still grepping through log files to find > problems? Stop. > > > Now Search log events and configuration files > using AJAX and a browser. > > > Download your FREE copy of Splunk now >> > http://get.splunk.com/ > > > _______________________________________________ > > > Snort-users mailing list > > > Snort-users@lists.sourceforge.net > > > Go to this URL to change user options or > unsubscribe: > > > > https://lists.sourceforge.net/lists/...fo/snort-users > > > Snort-users list archive: > > > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > > > > > > -- > > joel esler | security consultant | Sourcefire | > pgp is public > > > > > > > > > ------------------------------------------------------------------------- > > This SF.net email is sponsored by: Splunk Inc. > > Still grepping through log files to find problems? > Stop. > > Now Search log events and configuration files > using AJAX and a browser. > > Download your FREE copy of Splunk now >> > http://get.splunk.com/ > > _______________________________________________ > > Snort-users mailing list > > Snort-users@lists.sourceforge.net > > Go to this URL to change user options or > unsubscribe: > > > https://lists.sourceforge.net/lists/...fo/snort-users > > Snort-users list archive: > > > http://www.geocrawler.com/redir-sf.p...st=snort-users > > __________________________________________________ _______________ > Connect to the next generation of MSN Messenger > === message truncated ===> ------------------------------------------------------------------------- > This SF.net email is sponsored by: Splunk Inc. > Still grepping through log files to find problems? > Stop. > Now Search log events and configuration files using > AJAX and a browser. > Download your FREE copy of Splunk now >> http://get.splunk.com/> _______________________________________________ > Snort-users mailing list > Snort-users@lists.sourceforge.net > Go to this URL to change user options or > unsubscribe: > https://lists.sourceforge.net/lists/...fo/snort-users > Snort-users list archive: > http://www.geocrawler.com/redir-sf.p...st=snort-users __________________________________________________ __________________________________ Yahoo! oneSearch: Finally, mobile search that gives answers, not web links. http://mobile.yahoo.com/mobileweb/on...h?refer=1ONXIC ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/...fo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.p...st=snort-users 
|
Linear Mode
