[Snort-users] snort dies
mkettler at ...4108...
Wed Mar 13 11:14:09 EST 2002
Hmm, could you include some useful information about your setup?
What snort version?
What OS? (including distribution and release where applicable)
What kind of logging are you using?
As a quick guess, If you're using snort 1.8.3 on a Linux system with text
mode logging, and the -d or -X command line switch, upgrade to 1.8.4 beta
or hand patch the bug in the ICMP header size. ICMP packets under 4 bytes
will crash snort if all of above conditions are met.
I'd also seriously consider switching to tcpdump logging while you're at it.
At 11:15 AM 3/13/2002 +0900, Nigel Henden wrote:
>1. I notice that snort dies after one or two days. I have checked in all my
>logs but see no errors or warning messages.
More information about the Snort-users