[Snort-users] help with Snort sub-processes stoping

Larry Wichman larrywichman at ...131...
Fri Feb 11 09:53:43 EST 2005


I am having an issue with one of my Snort 2.20 sensors
runinng on Fedora Core 1. This sensor sees an average
of 10mb of traffic/sec and generates a lot of alerts.
The sensor seems to work fine for several hours but
after a while it will only generate a few alerts/hr.
When I try to restart the processes it seems to
timeout. It takes several minutes and then I get a ton
of errors similiar to these: 

/etc/init.d/snort: line 63: kill: -L: no such pid
/etc/init.d/snort: line 63: kill: <file>: no such pid
/etc/init.d/snort: line 63: kill: Log: no such pid
/etc/init.d/snort: line 63: kill: to: no such pid
/etc/init.d/snort: line 63: kill: this: no such pid
/etc/init.d/snort: line 63: kill: tcpdump: no such 

It looks like it cannot kill some of the sub processes
when I try to restart the service. It cannot kill the
service and I have two instances of Snort ruinning:

root      3130 17.8 92.2 534756 474140 ?     D   
Feb10 294:32 /usr/local/bin/snort -c
/etc/snort/snort.conf -i eth1 -g snort -D
root      5277 33.8  2.7 37308 14236 ?       S   
11:47   2:25 /usr/local/bin/snort -c
/etc/snort/snort.conf -i eth1 -g snort -D

Does anyone have any idea why the sub -processes are
not running when I try to restart? 

Larry


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 




More information about the Snort-users mailing list