[Snort-users] Snort 2.6.1 Stops Logging

Jason Haar Jason.Haar at ...294...
Wed Nov 22 03:02:05 EST 2006


Martin Roesch wrote:
> One thing you could do to help us figure out what's going on is to  
> run gdb and attach it to the Snort process.  Once it's attached, run  
> a backtrace and if the program is stuck in function it should be very  
> apparent.
>
> Can you try that and post the backtrace?
>
>  
Sure can. My newly upgraded 2.6.1 system still shows the same symptoms -
and they kicked in after <1 hour of starting.

I have three snort-mysql's processes running on this particular box -
two are in the "S" (sleep) state and the broken one is stuck in "R"
(running). Attaching to that process with strace shows ZERO activity -
normally you'd expect to see lines of text per packet. So it's
definitely unhappy.

gdb --pid=PID followed by a BT attached.

PS: this is on a CentOS4.4 system, with kernel 2.6.18 (non-smp)

Jason


------------------


-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: gdb-output.txt
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20061122/2842b401/attachment.txt>


More information about the Snort-users mailing list