[Snort-users] Snort dies after a few days.

Emilio Mira emial at ...5404...
Tue Mar 26 23:54:19 EST 2002


Whether this can help, I'll append more messages from syslogd:

Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.425
Mar  7 21:15:51 abc snort: Snort received signal 15, exiting
Mar  7 21:15:51 abc kernel: device atm0 left promiscuous mode
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.425
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:23:33 abc last message repeated 2 times
Mar  7 21:23:33 abc kernel: fore200e: damaged PDU on 0.0.226

I'm sure nobody was playing with snort at this moment and there aren't any 
scripts running that can send signal 15 to snort.

On Mon, 25 Mar 2002, Scott Nursten wrote:

> Hi there, 
> 
> Signal 15 is a SIGTERM and is the default for the 'kill' command.
> 
> To me, that means there is a good chance it was killed. Anyone on the list
> care to confirm that if snort dies, it will log something different to
> this??? If it dies on it's own, it shouldn't log signal 15 - should it?
> 
> Regards,
> 
> Scott 
> 
> 
> On 25/3/02 8:56 am, "Emilio Mira Alfaro" <emial at ...4389...> wrote:
> 
> > I'm using snort 1.8.4-beta4 I compiled with mysql and flexresp
> > support, libpcap 0.7.1, on RH 7.2 and it's listening from an ATM
> > interface. It's running ok, but after a few days, it dies for some
> > unknown reason. In /var/log/messages I get:
> > 
> > Mar  24 10:40:57 abc snort: Snort received signal 15, exiting
> > Mar  24 10:40:57 abc kernel: device atm0 left promiscuous mode
> > 
> > I recently updated RH 6.2 to RH 7.2 and snort 1.8.2 to 1.8.4-beta4.
> > When I worked with RH 6.2 and snort 1.8.2 I hadn't this problem.
> > 
> > Any ideas?
> > 
> > Thanks in advance.
> > 
> > --
> > Emilio Mira
> > e-mail: emial at ...4389...
> > 
> > 
> > 
> > 
> > 
> > 
> > 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list
> > 
> 

-- 
Emilio Mira
e-mail:		emial at ...4389...
homepage:	http://mural.uv.es/emial





More information about the Snort-users mailing list