[Snort-users] Snort dying...

Charlie Hand,,, charlieh at ...155...
Thu Mar 15 17:13:42 EST 2001


Michael Davis wrote:



>  
> 
>> We found that turning off the defrag preprocessor
>> eliminated the errors. Try that, please, and
>> report back.
> 
> 
> Before I released 1.7 I tested a lot with the defrag preprocessor.
> Never had a problem.  How long is snort running before it dies? Maybe
> a memory leak?

It runs for about a minute, more or less.

We have alot of NFS traffic using UDP, that's where
all the "large UDP" events are coming from.

We tried turning off the database output, and we
tried "passing" the large UDP rule. Neither of those
stopped it from crashing.

We have another instance of snort running on a Linux
box on the same network (same rash of large UDP's)
with the defrag turned on, and it runs forever.

-Charlie





More information about the Snort-users mailing list