[Snort-devel] [Snort-users] snort 2.8.2.1 stops logging after 1 minute...

Steven Sturges steve.sturges at ...402...
Mon Jul 21 16:31:21 EDT 2008


Attached is a patch to 2.8.2.1 that should address the issue.
If anyone has problems with it, please let us know.

Cheers.
-steve

Tim Maletic wrote:
> Was glad to see this thread pop up.  I'm seeing similar behavior when I
> attempt to move from 2.8.0 to 2.8.2.
> 
> Running on RHEL4, 2.8.0 is working fine.  I shutdown, copy the 2.8.2 snort
> binary and libraries into place, restart, and then I get a handful of alerts
> before the load climbs to 2.5 in a minute or two.  (Load under 2.8.0 is
> typically under 1.)  Once it's in that state, no alerts fire (even while
> generating test alert traffic), and the snort processes don't respond to
> SIGUSR1 like normal.
> 
> So, same config, same rulesets, but 2.8.0 runs fine and 2.8.2 tanks.  (I
> also tried disabling my local rules under 2.8.2, and that didn't help.)
> -tm
> 
> 
> 
> ------------------------------------------------------------------------
> 
> -------------------------------------------------------------------------
> This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
> Build the coolest Linux based applications with Moblin SDK & win great prizes
> Grand prize is a trip for two to an Open Source event anywhere in the world
> http://moblin-contest.org/redirect.php?banner_id=100&url=/
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pcre_updates.diff
Type: text/x-patch
Size: 467 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-devel/attachments/20080721/161b3957/attachment.bin>


More information about the Snort-devel mailing list