[Snort-devel] Snort 2.1.0 hangs/stops responding

Kumar, Manoj kumarm at ...2330...
Mon Jan 19 15:07:04 EST 2004


Thanks for your response, Dirk.
Strange thing is that process is active. Only thing is that it has stopped logging data to tcpdump file. Yes, you are right. I am running on RedHat Linux 2.4.6.

I will try to attach the process to strace and see the behaviour.

Manoj

-----Original Message-----
From: Dirk Geschke [mailto:Dirk at ...972...]
Sent: Monday, January 19, 2004 5:22 PM
To: Kumar, Manoj
Cc: snort-devel at lists.sourceforge.net
Subject: Re: [Snort-devel] Snort 2.1.0 hangs/stops responding


Hi Manoj,

> I am facing a problem with SNORT 2.1.0 and even previous versions
> like 2.0.0 or 2.0.6 etc. have some problem if it captures a huge amount
> of packets (100MB/min). It stops responding after running for quite
> some time. Sometimes for 1-2 days and sometimes for a couple of hours,
> depending on traffic flow. I am capturing data on Gigabit ethernet
> card (eth1).
>
> The only way I have to keep it capturing continuously is by killing the
> SNORT process after about 1 hour or so. Any idea why I am facing
> this problem? Any help will be greatly appreciated.

did you verify the process status if snort stops working?
Especially cpu usage and memory consumption would be interesting
aspects.

Did you try to attach with strace (the device name eth1 sounds as 
you are running linux?) to the running process (strace -p[PID])?

Were there some error messages of snort either on stderr or
in the syslog files?

This should give at least some hints where to start debugging.

Best regards

Dirk Geschke




