[Snort-users] snort.alert and snort crashes.

C. Bensend benny at ...779...
Sat Nov 11 01:12:04 EST 2000


Hello folks,

	I have two questions for you:

1)  I am running snort on my borders.  My firewalls are
running OpenBSD 2.7.  On one of the machines, snort has
created a snort.alert file in the log directory.  This is
A Good Thing(tm), it allows me to check for changes and
email me any additional alerts Snort sees.  On the second
OpenBSD firewall, it has not created a snort.alert file -
I'm not sure why.  The config files are identical, except
for the HOME_NET value.  Both systems are identical, except
for hardware.  The md5 sums on both binaries are identical.
Any ideas?

2)  Snort craps itself upon receiving an nmap:

[benny at ...780... ~]$ snort -V

-*> Snort! <*-
Version 1.6.3
By Martin Roesch (roesch at ...66..., www.snort.org)

   On this machine, it just dies.  No coredump, nothing in
the logs.  It just disappears.  Has anyone seen this
behavior with 1.6.3?  I have not tried it yet with my
other firewall (the one that mysteriously does not
produce the snort.alert file).

Thank you for your help,

Benny


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
benny at ...779...
"I need to upgrade my /dev/null - mine is getting full."