[Snort-users] The snort is stoped...!!!

rmkml rmkml at ...953...
Wed Jun 7 14:28:37 EDT 2006


Hi Daniel,
What Snort version do you have? (Maybe check the latest version.)
Maybe check /var/log/messages and others? (Search for kill proc ...)
Or search for a core dump?
In your stats, your Snort drops many packets; what is your conf?
Test Snort with fewer rules/preprocessors?
Regards
Rmkml


On Wed, 7 Jun 2006, Daniel Cordoba wrote:

> Date: Wed, 07 Jun 2006 16:29:24 +0000
> From: Daniel Cordoba <danielcba at ...125...>
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] The snort is stoped...!!!
> 
> Hello people, a question: I run Snort with the following options and
> it is stopped after many hours of work.
> Thanks.
>
> snort -s -v -c /etc/snort/snort.conf -A full -X
> snort -s -v -c /etc/snort/snort.conf -A full
> snort -s -v -c /etc/snort/snort.conf
>
> =============================================================
>
> Snort received 740284 packets
>    Analyzed: 177368(23.959%)
>    Dropped: 562916(76.041%)
> =============================================================
> Breakdown by protocol:
> TCP: 34162      (4.615%)
> UDP: 19616      (2.650%)
> ICMP: 1653       (0.223%)
> ARP: 27542      (3.720%)
> EAPOL: 0          (0.000%)
> IPv6: 0          (0.000%)
> IPX: 12         (0.002%)
> OTHER: 5665       (0.765%)
> DISCARD: 0          (0.000%)
> =============================================================
> Action Stats:
> ALERTS: 709
> LOGGED: 709
> PASSED: 0
> =============================================================
> TCP Stream Reassembly Stats:
>    TCP Packets Used: 34161      (4.615%)
>    Stream Trackers: 1385
>    Stream flushes: 3
>    Segments used: 5
>    Stream4 Memory Faults: 0
> =============================================================
> Final Flow Statistics
> ,----[ FLOWCACHE STATS ]----------
> Memcap: 10485760 Overhead Bytes 16400 used(%3.667860)/blocks (384603/2058)
> Overhead blocks: 1 Could Hold: (58579)
> IPV4 count: 2057 frees: 0 low_time: 1149508369, high_time: 1149516896, diff:
> 2h:22:07s
>    finds: 55438 reversed: 18725(%33.776471)
>    find_sucess: 53381 find_fail: 2057 percent_success: (%96.289549)
> new_flows: 2057
> Protocol: 1 (%2.981709) finds: 1653  reversed: 19(%1.149425)
> find_sucess: 1404 find_fail: 249 percent_success: (%84.936479) new_flows:
> 249
> Protocol: 2 (%0.009019) finds: 5  reversed: 0(%0.000000)
> find_sucess: 3 find_fail: 2 percent_success: (%60.000000) new_flows: 2
> Protocol: 6 (%61.625600) finds: 34164  reversed: 18621(%54.504742)
> find_sucess: 33183 find_fail: 981 percent_success: (%97.128556) new_flows:
> 981
> Protocol: 17 (%35.383672) finds: 19616  reversed: 85(%0.433320)
> find_sucess: 18791 find_fail: 825 percent_success: (%95.794250) new_flows:
> 825
> Snort exiting
>
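
Added example, not part of the original thread and not Snort's own code: a small Python parser for the exit summary quoted above that recomputes the drop rate rmkml points to and checks that the counters add up. The function names and the 5% warning threshold are assumptions made for this example.

```python
import re

# Excerpt of the exit summary from the quoted post ("> " prefixes removed).
SAMPLE = """\
Snort received 740284 packets
   Analyzed: 177368(23.959%)
   Dropped: 562916(76.041%)
Breakdown by protocol:
TCP: 34162      (4.615%)
UDP: 19616      (2.650%)
ICMP: 1653       (0.223%)
ARP: 27542      (3.720%)
Action Stats:
ALERTS: 709
LOGGED: 709
"""

DROP_WARN_PCT = 5.0  # assumed threshold for this example, not a Snort default
RECEIVED = re.compile(r"Snort received (\d+) packets")
# "Name: count" with an optional "(pct%)"; tolerates leading "> " mail quoting.
COUNTER = re.compile(r"^\s*(?:>\s*)*([A-Za-z][A-Za-z0-9 ]*?):\s*(\d+)\s*(?:\([\d.]+%\))?\s*$")

def parse_stats(text):
    """Return {'received': int or None, 'counters': {NAME: count}}."""
    stats = {"received": None, "counters": {}}
    for line in text.splitlines():
        m = RECEIVED.search(line)
        if m:
            stats["received"] = int(m.group(1))
            continue
        m = COUNTER.match(line)
        if m:
            stats["counters"][m.group(1).upper()] = int(m.group(2))
    return stats

def assess(stats):
    """Return (drop_pct, findings); drop_pct is None if the summary is cut off."""
    rx, c = stats["received"], stats["counters"]
    if not rx or "ANALYZED" not in c or "DROPPED" not in c:
        return None, ["summary incomplete: cannot compute drop rate"]
    drop_pct = round(100.0 * c["DROPPED"] / rx, 3)
    findings = []
    if c["ANALYZED"] + c["DROPPED"] != rx:
        findings.append("analyzed + dropped does not equal received")
    if drop_pct > DROP_WARN_PCT:
        findings.append(f"drop rate {drop_pct}% exceeds {DROP_WARN_PCT}% threshold")
    return drop_pct, findings
```

Calling `assess(parse_stats(SAMPLE))` reports the 76.041% drop rate as the only finding, since the analyzed and dropped counts sum exactly to the received count.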

