[Snort-users] Snort dies after a few days.

Phil Wood cpw at ...440...
Mon Mar 25 08:03:16 EST 2002


There has been a discussion on the tcpdump.org list that indicates that RH 7.2
is broken in regards to libpcap and packet timestamps.  You might want to
upgrade your kernel to 2.4.18 (www.kernel.org).

[not for the uninitiated.]

PS: If you make sure that your snort environment is providing "core" dumps,

      prompt: ulimit -c 10000000
    
    prior to starting snort, and you have a snort compiled with '-g', then
    you could send information to the list that would be helpful.  See:

      BUGS

Later, 

On Mon, Mar 25, 2002 at 09:56:25AM +0100, Emilio Mira Alfaro wrote:
> I'm using snort 1.8.4-beta4 I compiled with mysql and flexresp
> support, libpcap 0.7.1, on RH 7.2 and it's listening from an ATM
> interface. It's running ok, but after a few days, it dies for some
> unknown reason. In /var/log/messages I get:
> 
> Mar  24 10:40:57 abc snort: Snort received signal 15, exiting
> Mar  24 10:40:57 abc kernel: device atm0 left promiscuous mode
> 
> I recently updated RH 6.2 to RH 7.2 and snort 1.8.2 to 1.8.4-beta4.
> When I worked with RH 6.2 and snort 1.8.2 I hadn't this problem.
> 
> Any ideas?
> 
> Thanks in advance. 
> 
> --
> Emilio Mira
> e-mail: emial at ...4389...
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list

-- 
Phil Wood, cpw at ...440...





More information about the Snort-users mailing list