[Snort-users] Snort 2.6.1 Stops Logging

Eric J. Feldhusen efeldhusen.lists at ...11827...
Wed Nov 22 14:11:59 EST 2006


rmkml wrote:
> Thx Eric,
> how memory you have please ?
2GB of ram, 1GB of swap

> possible send top when snort is started ?

top - 13:55:55 up 2 days, 22:08,  1 user,  load average: 1.03, 1.07, 1.00
Tasks:  73 total,   2 running,  71 sleeping,   0 stopped,   0 zombie
Cpu(s): 25.6% us,  1.4% sy,  0.0% ni, 72.9% id,  0.0% wa,  0.1% hi,  0.0% si
Mem:   2074920k total,  1570604k used,   504316k free,    73892k buffers
Swap:  1052248k total,        0k used,  1052248k free,  1231828k cached
top - 13:57:40 up 2 days, 22:10,  1 user,  load average: 0.55, 0.87, 0.93
Tasks:  73 total,   2 running,  71 sleeping,   0 stopped,   0 zombie
Cpu(s):  2.1% us,  2.9% sy,  0.0% ni, 94.8% id,  0.0% wa,  0.2% hi,  0.0% si
Mem:   2074920k total,  1548652k used,   526268k free,    73892k buffers
Swap:  1052248k total,        0k used,  1052248k free,  1231828k cached

   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND 
 
                        32745 ntop      16   0  134m  43m 2976 S   11 
2.1 191:15.64 ntop 
                                               19645 snort     15   0 
52944  10m 1172 R    8  0.5   0:09.83 snort 
 
19667 root      16   0  3716  940  760 R    0  0.0   0:00.02 top 
 
                           1 root      16   0  2876  552  472 S    0 
0.0   0:01.17 init 
                                                   2 root      RT   0 
   0    0    0 S    0  0.0   0:00.19 migration/0 
 
   3 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/0 
 
                          4 root      RT   0     0    0    0 S    0  0.0 
   0:00.14 migration/1 
                                                5 root      34  19     0 
    0    0 S    0  0.0   0:00.00 ksoftirqd/1 
                                                                      6 
root      RT   0     0    0    0 S    0  0.0   0:00.12 migration/2 
 
                     7 root      34  19     0    0    0 S    0  0.0 
0:00.00 ksoftirqd/2 
                                             8 root      RT   0     0 
  0    0 S    0  0.0   0:03.85 migration/3 
                                                                    9 
root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/3 
 
                    10 root       5 -10     0    0    0 S    0  0.0 
0:00.00 events/0 
                                            11 root       5 -10     0 
  0    0 S    0  0.0   0:00.00 events/1 
                                                                   12 
root       5 -10     0    0    0 S    0  0.0   0:00.00 events/2 
 
                    13 root       5 -10     0    0    0 S    0  0.0 
0:00.00 events/3 
                                            14 root       7 -10     0 
  0    0 S    0  0.0   0:00.01 khelper 
                                                                   15 
root      15 -10     0    0    0 S    0  0.0   0:00.00 kacpid 
 
                    30 root       5 -10     0    0    0 S    0  0.0 
0:00.00 kblockd/0 
                                            31 root       5 -10     0 
  0    0 S    0  0.0   0:00.00 kblockd/1 
                                                                   32 
root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/2

> possible start snort with/without preproc-dynamic ?

Just making sure, I'm assuming I just need to comment out the ling
dynamicpreprocessor directory  /usr/lib/snort-2.6.1_dynamicpreprocessor/

or do I have to comment out all the dynamicengine and preprocessor lines?

> possible start snort without mysql output ?

Will do and will post follow up.

> possible for test run snort on verbose mode ?

Will do and will post follow up.
> Best Regards
> Rmkml


-- 
Eric Feldhusen
Network Administrator    http://www.remc1.org
eric at ...13995...
PO Box 270              (906) 482-4520  x239
809 Hecla St            (906) 482-5031 fax
Hancock, MI  49930      (906) 370 6202 mobile




More information about the Snort-users mailing list