Mon Jan 6 07:58:05 EST 2003


I have snort 1.8.3 running correctly on a Sun E250 (Solaris 8).

I would like to have snort run on a less busy system.
It is a Sun Ultra 1 (Solaris 8).  This version is 1.8.7.  
The snort daemon starts fine.  I see IP address directories in ./log/.
When I check my running processes later on, snort is no longer running
on this system.  There seems to be no consistent amount of time
for it to work.  I copied all the *.rules files and the *.conf file from 
the original system and just changed paths as needed.

Here's system info

Working system:

/usr/local/bin/snort -d -o -t /opt/snort -u snort -l ./log/ -s -c snort.conf

# ./memconf
Sun (TM) Enterprise 250 (UltraSPARC-II 400MHz)
       Interlv.  Socket   Size
Bank    Group     Name    (MB)  Status
----    -----    ------   ----  ------
  0      none     U0701   128      OK
  0      none     U0801   128      OK
  0      none     U0901   128      OK
  0      none     U1001   128      OK
  1      none     U0702   128      OK
  1      none     U0802   128      OK
  1      none     U0902   128      OK
  1      none     U1002   128      OK
  2      none     U0703   128      OK
  2      none     U0803   128      OK
  2      none     U0903   128      OK
  2      none     U1003   128      OK
  3      none     U0704   128      OK
  3      none     U0804   128      OK
  3      none     U0904   128      OK
  3      none     U1004   128      OK
empty sockets: None
total memory = 2048MB (2GB)

Problem system:

/usr/local/bin/snort -d -o -t /test/snort -u snort -l ./log/ -s -c
snort.conf -D

# ./memconf
Sun Ultra 1 SBus (UltraSPARC 167MHz)
socket U0701 has a 32MB DIMM
socket U0601 has a 32MB DIMM
socket U0702 has a 32MB DIMM
socket U0602 has a 32MB DIMM
socket U0703 has a 64MB DIMM
socket U0603 has a 64MB DIMM
empty sockets: U0704 U0604
total memory = 256MB


