[Snort-users] snort dies

Matt Kettler mkettler at ...4108...
Wed Mar 13 11:14:09 EST 2002


Hmm, could you include some useful information about your setup?

What snort version?
What OS? (including distribution and release where applicable)
What kind of logging are you using?

As a quick guess, If you're using snort 1.8.3 on a Linux system with text 
mode logging, and the -d or -X command line switch, upgrade to 1.8.4 beta 
or hand patch the bug in the ICMP header size. ICMP packets under 4 bytes 
will crash snort if all of above conditions are met.

I'd also seriously consider switching to tcpdump logging while you're at it.

At 11:15 AM 3/13/2002 +0900, Nigel Henden wrote:
>1. I notice that snort dies after one or two days. I have checked in all my
>logs but see no errors or warning messages.





More information about the Snort-users mailing list