[Snort-devel] Re: your mail
fygrave at ...1...
Wed Nov 28 18:51:01 EST 2001
> Nov 29 08:39:28 bach snort: WARNING: command line
> overrides rules file alert plugin!
> Nov 29 08:39:38 bach snort: Snort initialization
> completed successfully, Snort running
> Nov 29 08:47:03 bach /kernel: pid 344 (snort), uid 2:
> exited on signal 11
> Nov 29 08:47:03 bach /kernel: tun0: promiscuous mode
Is there any coredump file (normally snort.core) created? if yes, gdb
/path/to/snort /path/to/snort.core, bt, if not (probably operator
doesn't have permissions to dump core into root directory, this is pwd
of snort in daemon mode), either run snort with priveleges so it would
allow to write the coredump file, or run snort without daemon mode
(possible also to start it directly from gdb).
More information about the Snort-devel