[Snort-devel] [ snort-Bugs-460715 ] snort running as a daemon dies

noreply at ...12... noreply at ...12...
Fri Sep 28 10:22:04 EDT 2001


Bugs item #460715, was opened at 2001-09-11 08:49
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=460715&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: Nobody/Anonymous (nobody)
Assigned to: Martin Roesch (roesch)
Summary: snort running as a daemon dies

Initial Comment:
I am running snort 1.8.1 on a Solaris 8 SPARC (SS5)
with 160MB.  The only purpose of this box is to run
snort, nothing else.  I have now tried for a couple of
days to discover the reason why the snort daemon dies
when running in daemon mode, but does not die when I
use a syntax like;

truss snort -c /etc/snort/snort.conf
                or
cd /etc/snort;
truss ./snort -c ./snort.conf

If I however run the daemon with the -D option without
the interactive truss, the daemon dies.  And, it does
not seem to do so with any kind of consistency ...
however within 15 minutes of having started.

Any information that may assist in identifying the
cause of the problem would be appreciated.  I log
everything on my systems, but have been unabled to
record the reason why the daemon decides to suddently
die.

thanks,

Silio

----------------------------------------------------------------------

>Comment By: Martin Roesch (roesch)
Date: 2001-09-28 09:58

Message:
Logged In: YES 
user_id=18573

Ok, stop running it in daemon mode, you're obviously not
getting any good data from that.  Start Snort in gdb by
running 'gdb snort'.  Once in gdb, start Snort with a 'r
<options>', where <options> is the usual set of command line
options that you specify.  DO NOT SET THE -D SWITCH, GDB
WON'T BE ABLE TO TRACK THE PROCESS IF IT GOES INTO DAEMON
MODE.  Run the process, then see what causes it to crash. 
Once it does crash, run a 'bt' and send us the results.

----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2001-09-28 09:25

Message:
Logged In: NO 

It will crash running in interactive mode as well.  It could
be something it does not like when is configured to use the
bundled/downloaded rules.  I have not been able to confirm
and/or get any useful information as to what rule could be
causing the daemon to crash and core dump.

Silio

----------------------------------------------------------------------

Comment By: Martin Roesch (roesch)
Date: 2001-09-27 22:50

Message:
Logged In: YES 
user_id=18573

Can you please run it in non-daemon mode, if there's a
problem it may show up there.  Another alternative is to run
it from within gdb, if there's a problem with it crashing
you'll be able to see it much more effectively from within
gdb.

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=460715&group_id=3357




More information about the Snort-devel mailing list