[Snort-devel] bug report snort-1.7: snort dies under RH7

Martin Roesch roesch at ...48...
Tue Apr 3 21:44:24 EDT 2001


Could you please run a backtrace on the core file (as detailed in the
BUGS file) and send us the results? We'll get better results faster if
you do.

     -Marty

dave w capella wrote:
> 
> Howdy,
> 
> First, I'd like to thank you for a well-designed, helpful application.
> 
> I've encountered a problem: snort dies after a few hours w/no
> indication in the logs. It seems to work fine up until then. Funny,
> it does not exhibit this behavior on another RedHat 7.0 box sitting
> right next to it. Neither does it die when run (w/otherwise exactly
> the same command line) in the foreground in an xterm.
> 
> The only /var/log/messages generated are at program launch.
> 
> This is on:
> Linux 2.2.16-22enterprise #1 SMP Tue Aug 22 16:29:32 EDT 2000 i686
> 
> Both installed from rpm d/l'd from www.snort.org: snort-1.7-1.i386.rpm
> FWIW, after install, I did:  chmod -R snort.snort /var/log/snort
> 
> Both run from the /etc/init.d/snortd script (tho' have been renamed
> from snortd to snort):
> 
> INTERFACE=eth0
> daemon /usr/sbin/snort -u snort -g snort -s -d -D \
>         -i $INTERFACE -l /var/log/snort -c /etc/snort/snort.conf
> 
> snort.conf:
> 
> var HOME_NET xxx.xxx.xxx.0/24
> var EXTERNAL_NET any
> var DNS_SERVERS [xxx.xxx.xxx.x/32,xxx.xxx.xx.xxx/32]
> 
> preprocessor defrag
> preprocessor http_decode: 80 8080
> preprocessor portscan: $HOME_NET 4 3 /var/log/snort/portscan.log
> preprocessor portscan-ignorehosts: $DNS_SERVERS $HOME_NET
> 
> include /etc/snort/webcgi-lib
> include /etc/snort/webcf-lib
> include /etc/snort/webiis-lib
> include /etc/snort/webfp-lib
> include /etc/snort/webmisc-lib
> include /etc/snort/overflow-lib
> include /etc/snort/finger-lib
> include /etc/snort/ftp-lib
> include /etc/snort/smtp-lib
> include /etc/snort/telnet-lib
> include /etc/snort/misc-lib
> include /etc/snort/netbios-lib
> include /etc/snort/scan-lib
> include /etc/snort/ddos-lib
> include /etc/snort/backdoor-lib
> include /etc/snort/ping-lib
> include /etc/snort/rpc-lib
> 
> cheers,
> ...dave
> --
> dave w capella            |  http://capella.ithaca.ny.us/
> Systems Administrator     |  mailto:dave.capella at ...365...
> Department of Biometrics  |  http://www.biom.cornell.edu/
> Cornell University        |  (607) 255-9847
> PGP Key                   |  http://capella.ithaca.ny.us/pgpkey.txt
>         It's kind of fun to do the impossible.- Disney
> 
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> http://lists.sourceforge.net/lists/listinfo/snort-devel



