[Snort-users] Upgrade of Snort

O'Flynn, Derek DOFlyn at ...6551...
Fri Sep 24 14:59:05 EDT 2004

An update,


I found the problem. On a hunch I checked /var/log/snort and noticed a big
ol' file sitting there.  So I deleted it... problem fixed.  Why is Snort
logging to this file when I have it configured to replicate the events to a


Derek O'Flynn

Enterprise Information Security

LSU Health Sciences Center

doflyn at ...6551...  (504)568-6130


From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of O'Flynn, Derek
Sent: Friday, September 24, 2004 4:33 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Upgrade of Snort


I just did an upgrade from 2.0 to 2.2.  I rebuilt it and overlaid the old
binary.  I also utilized the new snort.conf and ported my specific
configurations over to it.  I dropped the tables in mysql and rebuilt them
using the create_mysql and snortdb-extra configs.  Updated the .config and
.map files to my etc directory.


Anyway, it looks like it comes up fine, and then crashes out with a file
size error.  Anyone know how to correct it?


rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name =
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
1889 Snort rules read...
1889 Option Chains linked into 196 Chain Headers
0 Dynamic rules

Warning: flowbits key 'realplayer.playlist' is checked but not ever set.

| memory-cap : 1048576 bytes

| none

| gen-id=1      sig-id=2495      type=Both       tracking=dst count=20
| gen-id=1      sig-id=2523      type=Both       tracking=dst count=10
| gen-id=1      sig-id=2494      type=Both       tracking=dst count=20
| gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5
| gen-id=1      sig-id=2496      type=Both       tracking=dst count=20

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.2.0 (Build 30)
By Martin Roesch (roesch at ...1935..., www.snort.org)
File size limit exceeded



Derek O'Flynn
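
Added example, not part of the original messages and not Snort project code: "File size limit exceeded" is the message printed when a process is killed by SIGXFSZ, so the check below lists files in the log directory that are close to a size limit before the sensor dies on them. The function name, the 90% default and the 2^31-1 byte default (a binary built without large-file support) are assumptions; the thread does not say how large the file was.

```shell
#!/bin/sh
# Added example: flag log files nearing a file-size limit (SIGXFSZ risk).
# Assumption: the limit is 2^31-1 bytes (binary built without large-file
# support). If `ulimit -f` for the Snort user is lower, pass that value in bytes.

NO_LFS_LIMIT=2147483647   # largest offset that fits in a signed 32-bit off_t

# near_limit_logs DIR [LIMIT_BYTES] [PERCENT]
# Prints "<size> <path>" for every regular file directly inside DIR whose
# size is at or above PERCENT of LIMIT_BYTES (subdirectories are not walked).
# Returns 1 if any such file was found, 0 if none, 2 if DIR is not a directory.
near_limit_logs() {
    dir=$1
    limit=${2:-$NO_LFS_LIMIT}
    pct=${3:-90}
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Divide before multiplying so the product stays below the limit itself.
    threshold=$(( limit / 100 * pct ))
    found=0
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -f "$f" ] || continue                       # skip dirs and unmatched globs
        size=$(wc -c <"$f" 2>/dev/null) || continue   # unreadable file: skip it
        size=$(( size ))                              # normalise padded wc output
        if [ "$size" -ge "$threshold" ]; then
            printf '%s %s\n' "$size" "$f"
            found=1
        fi
    done
    return "$found"
}

# Typical call from cron or a monitoring wrapper (path taken from the thread):
#   near_limit_logs /var/log/snort || echo "rotate Snort logs before restart"
```

A non-zero return is the signal to rotate or archive the listed files; deleting them, as in the message above, also discards whatever alerts or packets they held.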
