[Snort-devel] [ snort-Bugs-494612 ] snort stops logging

noreply at ...12... noreply at ...12...
Tue Mar 26 23:51:06 EST 2002


Bugs item #494612, was opened at 2001-12-18 07:19
You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=494612&group_id=3357

Category: None
Group: None
Status: Open
Resolution: None
Priority: 5
Submitted By: david burton (netgroup132)
Assigned to: Nobody/Anonymous (nobody)
Summary: snort stops logging

Initial Comment:

I'm running snort Version 1.8.3 on Solaris 8. 
I downloaded the latest rules on Dec 14. Since 
then, the snort process has been having problems.
After it runs for a while it stops logging. It will
start logging again if I send it a SIGHUP. 

Is this a bug? Anybody else experiencing this problem?



Thanks,

-Dave


----------------------------------------------------------------------

Comment By: Nobody/Anonymous (nobody)
Date: 2002-03-25 04:08

Message:
Logged In: NO 

Hey Dave, check if the CPU it's to the 90%-100%... 

Agazzini Maurizio

wrote me:
maurizio at ...1202...

----------------------------------------------------------------------

Comment By: Andreas Östling (nitzer)
Date: 2002-03-15 00:43

Message:
Logged In: YES 
user_id=486651

This sounds like the bug in the regex matching code 
reported a while ago. You should probably try to 
disable/replace your rules that use the 'regex' keyword or 
upgrade to a recent snort-stable snapshot where this is 
fixed, and see if the problem goes away.


----------------------------------------------------------------------

Comment By: Nathan Spande (nspande)
Date: 2002-03-04 08:17

Message:
Logged In: YES 
user_id=476262

I'm experiencing this as well.  My version is Version 1.8.3 
(Build 88), OS is Linux xxxxx 2.4.16 #1 SMP Tue Nov 27 
11:56:17 EST 2001 i686 unknown, dual proc machine, Mandrake 
7.2 base.  Sending SIGHUP fixes it for me also.  This only 
started happening after updating my ruleset on 3/1 from the 
tarfile at snort.org.  Traffic is maxing out at around 2M.  
Backend is MySQL database.

Thanks,
Nathan

----------------------------------------------------------------------

You can respond by visiting: 
http://sourceforge.net/tracker/?func=detail&atid=103357&aid=494612&group_id=3357




More information about the Snort-devel mailing list