[Snort-users] Snort 1.7 dies on OpenBSD 2.9 after some time.
Johan Simon Seland
johans at ...2344...
Wed Jun 20 08:28:16 EDT 2001
I am in the process of deploying snort at my company. It will run on a
dedicated snort box, and it will listen to both the inside and the
outside of our first firewall.
I compiled snort from the OpenBSD ports collection, downloaded the
current ruleset from www.snort.org and started one process on each
snort -Afull -o -i xl2 -l /var/log/snort2 -c /etc/snort/snort.conf -D
snort -Afull -o -i xl0 -l /var/log/snort0 -c /etc/snort/snort.conf -D
After about 40 minutes the process listening to xl2 died . The process
on xl0 (which is outside the FW and thus have more traffic has been
running for a few hours). Yesterday I had only the process on xl0
going, and it died after a few hours.
The logfiles shows a lot of:
Jun 20 12:59:13 kiko snort: [!] ERROR: Cannot allocate fragment buffer(us
But not around the time of the process dying.
The machine is an Intel P3 600MHZ with 128MB RAM, 3NICs.
This machine has previously been used as a workstation, and I don't
think the memory is corrupt (but one never knows)
Net Fonds ASA
More information about the Snort-users