[Snort-users] Snort-1.9 on OBSD-3.2

Erek Adams erek at ...950...
Tue Jan 28 06:55:05 EST 2003


On Tue, 28 Jan 2003 bthaler at ...2720... wrote:

> Here's some more detail:
>
> Command Line = /usr/local/bin/snort -c /etc/snort/snort.conf -i xl0 -D (same
> as Snort-1.8.7)
>
> Here's my preprocessors (pretty much default, as I haven't tweaked this
> install yet)
> preprocessor frag2
> preprocessor stream4: disable_evasion_alerts, ttl_limit 0
> preprocessor stream4_reassemble: noalerts
> preprocessor http_decode: 80 unicode iis_alt_unicode double_encode
> iis_flip_slash full_whitespace
> preprocessor rpc_decode: 111 32771
> preprocessor conversation: allowed_ip_protocols all, timeout 60,
> max_conversations 32000
> preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5,
> port_limit 20, timeout 60
>
> And the output plugin (again this was working fine with Snort-1.8.7)
> output database: log, mysql, user=snort dbname=snort password=snort
> host=10.1.1.3 sensor_name=Webstream
>
> Since my first message, I have built Snort-1.8.7 and it's running smoothly
> (so far).

Well....  I can say this:

[erek at ...8117...]~>uname -a
OpenBSD ghosts 3.2 GENERIC#25 i386  (yeah, yeah, I know--Build my own :)
[erek at ...8117...]~>snort -V
Initializing Output Plugins!

-*> Snort! <*-
Version 2.0.0beta (Build 49)
By Martin Roesch (roesch at ...1935..., www.snort.org)

Works just fine here.  :)

What kind of 'crash'?  How does it die?  Try running it w/o the -D and see
what the error happens to be.  Does it core?  If so can you check the BUGS
file and follow those gdb steps?  If no core, run it under gdb (check BUGS
for exact directions) and see what you can find.

One thing that changed from 1.8.x -> 1.9.x was the amount of memory that
Snort uses.  Make sure you're not running out of memory.  For example:

load averages:  0.08,  0.08,  0.08                                   09:42:12
31 processes:  1 running, 29 idle, 1 stopped
CPU states:  0.0% user,  0.0% nice,  0.0% system,  0.0% interrupt,  100%
idle
Memory: Real: 110M/141M act/tot  Free: 105M  Swap: 0K/1024M used/tot

  PID USERNAME PRI NICE  SIZE   RES STATE WAIT     TIME    CPU COMMAND
16077 root       4    0   98M   98M sleep bpf      0:09  0.29% snort

98M on fairly bored box.  Stream4 and Conversation eat tons of ram.
Hungry lil' buggers.

Hope that helps!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list