Re: [Snort-users] snort keeps dying!!!

permalink · #1 (**permalink**) 09-10-2007

I went back to 2.6.1.5 for now because I could not
wait anymore. I am going to try it in a virtual
environment and send the info then.

Thanks again,

ZK

--- Todd Wease <twease@sourcefire.com> wrote:

> Zakai
>
> If possible, can you:
>
> (1) provide the snort.conf you are using
> (2) provide the command line used
> (3) run snort in gdb and provide a backtrace of the
> segfault.
> (4) provide a packet capture of the traffic when
> snort segfaults.
>
> Any and all of the above would be very helpful.
>
> If any of the above information is sensitive, please
> send your response
> with attachments to bugs@snort.org.
>
> Thanks,
> Todd
>
>
> Zakai Kinan wrote:
> > No, I am not trying to run all of the sigs. I
> have a
> > long disabled list. I only run some from bleeding
> and
> > snort community. I get a Segmentation fault error
> > when not in daemon mode. I only have a T1 so my
> > bandwidth usage is limited. I am not running out
> of
> > memory when it stops. Snort is currently setup
> with
> > lowmem config. I thought of the same thing. It
> was
> > setup as AC in 2.6.1.5 and it worked fine.
> >
> >
> > Thanks again,
> >
> >
> > ZK
> >
> >
> >
> > --- "M. Shirk" <shirkdog_list@hotmail.com> wrote:
> >
> >>
> >> The better questions:
> >>
> >>
> >>
> >> Are you trying to run ALL SIGNATURES (including
> >> bleeding threats, and the Stormworm IP
> Signatures,
> >> about 15,000 signatures)??
> >>
> >>
> >>
> >> How much bandwidth is this firewall handling?
> (Mb/s)
> >>
> >>
> >>
> >> Run Snort in non-daemon mode, and see the error
> you
> >> get when it stops running.
> >>
> >>
> >>
> >>
> >>
> >> Shirkdog
> >>
> >> ' or 1=1--
> >>
> >>
> >>
> >> http://www.shirkdog.us
> >>> Date: Thu, 6 Sep 2007 12:20:32 -0400
> >>> From: joel.esler@sourcefire.com
> >>> To: titanyen2000@yahoo.com;
> >> snort-users@lists.sourceforge.net
> >>> Subject: Re: [Snort-users] snort keeps dying!!!
> >>>
> >>> We'll probably need some kind of debug output to
> >> find out why it's dying
> >>> since it's not printing any error messages.
> >>>
> >>> Are you running out of RAM on the box when Snort
> >> dies?
> >>> J
> >>>
> >>>
> >>> On 9/6/07 12:16 PM, "Zakai Kinan"
> >> <titanyen2000@yahoo.com> mentioned to me:
> >>>> The firewall is using Debian Etch 4.1. It is a
> >> Dell
> >>>> PE 2950. I have nothing in the logs. Version
> >> 2.6.1.5
> >>>> worked fine until I upgraded to latest version.
> >>>>
> >>>>
> >>>> ZK
> >>>>
> >>>> --- Joel Esler <joel.esler@sourcefire.com>
> >> wrote:
> >>>>> What OS? What hardware? Do you have anything
> >> in
> >>>>> your system log?
> >>>>>
> >>>>> Joel
> >>>>>
> >>>>>
> >>>>> On 9/6/07 11:57 AM, "Zakai Kinan"
> >>>>> <titanyen2000@yahoo.com> mentioned to me:
> >>>>>
> >>>>>> I just upgraded from 2.6.1.5 to 2.7.0.1 and
> >> now
> >>>>> snort
> >>>>>> keeps dying with no error messages. I am
> >> using
> >>>>>> snortsam, flex_resp2, and react. I have
> >> lowered
> >>>>> the
> >>>>>> memory config to lowmem. The firewall has
> two
> >>>>> cpus
> >>>>>> and 4GB of ram. I start the daemaon and 2
> >> minutes
> >>>>>> later it stops suddenly. Has anyone else
> >>>>> encounter
> >>>>>> this problem?
> >>>>>>
> >>>>>> TIA,
> >>>>>>
> >>>>>> ZK
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >
>
__________________________________________________ ____________________________
> >>>>>> ______
> >>>>>> Need a vacation? Get great deals
> >>>>>> to amazing places on Yahoo! Travel.
> >>>>>> http://travel.yahoo.com/
> >>>>>>
> >>>>>>
> >
>
-------------------------------------------------------------------------
> >>>>>> This SF.net email is sponsored by: Splunk
> Inc.
> >>>>>> Still grepping through log files to find
> >> problems?
> >>>>> Stop.
> >>>>>> Now Search log events and configuration files
> >>>>> using AJAX and a browser.
> >>>>>> Download your FREE copy of Splunk now >>
> >>>>> http://get.splunk.com/
> >> _______________________________________________
> >>>>>> Snort-users mailing list
> >>>>>> Snort-users@lists.sourceforge.net
> >>>>>> Go to this URL to change user options or
> >>>>> unsubscribe:
> >
>
https://lists.sourceforge.net/lists/...fo/snort-users
> >>>>>> Snort-users list archive:
> >>>>>>
> >
>
http://www.geocrawler.com/redir-sf.p...st=snort-users
> >>>>> --
> >>>>> joel esler | security consultant | Sourcefire
> |
> >> pgp
> >>>>> is public
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>>
> >
>
__________________________________________________ ____________________________
> >>>> ______
> >>>> Shape Yahoo! in your own image. Join our
> >> Network Research Panel today!
> >
>
http://surveylink.yahoo.com/gmrs/yah...invite.asp?a=7
> >>>>
> >>>>
> >>>>
> >
>
-------------------------------------------------------------------------
> >>>> This SF.net email is sponsored by: Splunk Inc.
> >>>> Still grepping through log files to find
> >> problems? Stop.
> >>>> Now Search log events and configuration files
> >> using AJAX and a browser.
> >>>> Download your FREE copy of Splunk now >>
> >> http://get.splunk.com/
>
=== message truncated ===

__________________________________________________ __________________________________
Pinpoint customers who are looking for what you sell.
http://searchmarketing.yahoo.com/

-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/...fo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.p...st=snort-users

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode