[Snort-users] Snort 1.7 dies on OpenBSD 2.9 after some time.

Johan Simon Seland johans at ...2344...
Wed Jun 20 08:28:16 EDT 2001


I am in the process of deploying snort at my company. It will run on a
dedicated snort box, and it will listen to both the inside and the
outside of our first firewall.

I compiled snort from the OpenBSD ports collection, downloaded the
current ruleset from www.snort.org and started one process on each
interface with:

snort -Afull -o -i xl2 -l /var/log/snort2 -c /etc/snort/snort.conf -D
snort -Afull -o -i xl0 -l /var/log/snort0 -c /etc/snort/snort.conf -D

After about 40 minutes the process listening to xl2 died. The process
on xl0 (which is outside the FW and thus has more traffic) has been
running for a few hours. Yesterday I had only the process on xl0
going, and it died after a few hours.

The logfiles show a lot of:

Jun 20 12:59:13 kiko snort: [!] ERROR: Cannot allocate fragment buffer(usage 0x133140B4)

But not around the time of the process dying.

The machine is an Intel P3 600 MHz with 128 MB RAM, 3 NICs.

This machine has previously been used as a workstation, and I don't
think the memory is corrupt (but one never knows).

Johan Seland
Net Fonds ASA
