This is a discussion on Re: [Snort-users] A few issues with Snort within the Snort forums, part of the System Security and Security Related category.
There are a ton of writeups on this out there (google)..

you need to modify your search-method to either lowmem or ac-bnfa (I suggest the latter)

Regards,
JJC
http://global-security.blogspot.com

On Jan 11, 2008 8:20 AM, Julio Cesar Gazquez <jgazque0@rosario.gov.ar> wrote:
> Hi.
>
> I'm starting a Snort+Barnyard+BASE deployment, and I found a few issues.
>
> First, the most scary. I noticed BASE stopped announcing insertion of new
> alerts, and when I checked:
>
> Jan 11 08:10:32 fwext barnyard[2224]: FATAL ERROR: Out of memory (wanted 3901751354 bytes)
> Jan 11 08:10:32 fwext barnyard[2224]: Exiting
>
> WTF????
>
> Is such an allocation issue known?
>
> The sensor software configuration is as follows:
>
> Debian 3.1
> Snort 2.3.2 (Build 12)
> Barnyard Version 0.2.0 (Build 32), linked against libssl.so.0.9.7 and
> libmysqlclient.so.14
>
>
> Thanks in advance.
>
> --
> Julio César Gázquez
> Seguridad Informática
> Municipalidad de Rosario