[Snort-users] Upgrade of Snort

O'Flynn, Derek DOFlyn at ...6551...
Fri Sep 24 14:59:05 EDT 2004


An update,

I found the problem. On a hunch I checked /var/log/snort and noticed a big
ol' file sitting there.  So I deleted it...problem fixed.  Why is snort
logging to this file when I have it configured to replicate the events to a
db?

Derek O'Flynn
Enterprise Information Security
LSU Health Sciences Center
doflyn at ...6551...  (504)568-6130

  _____  

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of O'Flynn, Derek
Sent: Friday, September 24, 2004 4:33 PM
To: 'snort-users at lists.sourceforge.net'
Subject: [Snort-users] Upgrade of Snort

I just did an upgrade from 2.0 to 2.2.  I rebuilt it and overlaid the old
binary.  I also utilized the new snort.conf and ported my specific
configurations over to it.  I dropped the tables in mysql and rebuilt them
using the create_mysql and snortdb-extra configs.  Updated the .config and
.map files to my etc directory.

Anyway, it looks like it comes up fine, and then crashes out with a file
size error.  Anyone know how to correct it?

rpc_decode arguments:
    Ports to decode RPC on: 111 32771
    alert_fragments: INACTIVE
    alert_large_fragments: ACTIVE
    alert_incomplete: ACTIVE
    alert_multiple_requests: ACTIVE
telnet_decode arguments:
    Ports to decode telnet on: 21 23 25 119
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = snort
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = 192.168.100.100
database:     sensor id = 1
database: schema version = 106
database: using the "log" facility
1889 Snort rules read...
1889 Option Chains linked into 196 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Warning: flowbits key 'realplayer.playlist' is checked but not ever set.

+-----------------------[thresholding-config]----------------------------------
| memory-cap : 1048576 bytes
+-----------------------[thresholding-global]----------------------------------
| none
+-----------------------[thresholding-local]-----------------------------------
| gen-id=1      sig-id=2495      type=Both       tracking=dst count=20 seconds=60
| gen-id=1      sig-id=2523      type=Both       tracking=dst count=10 seconds=10
| gen-id=1      sig-id=2494      type=Both       tracking=dst count=20 seconds=60
| gen-id=1      sig-id=2275       type=Threshold tracking=dst count=5 seconds=60
| gen-id=1      sig-id=2496      type=Both       tracking=dst count=20 seconds=60
+-----------------------[suppression]------------------------------------------
-------------------------------------------------------------------------------
Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

-*> Snort! <*-
Version 2.2.0 (Build 30)
By Martin Roesch (roesch at ...1935..., www.snort.org)
File size limit exceeded

Thanks,
Derek O'Flynn
