[Snort-users] [RGSPAM] Re: snort process getting killed

doug schmidt douglas.j.schmidt at ...11827...
Wed May 16 13:49:40 EDT 2007


Yes, it dies. I was saying killed from the truss output.

Currently running with frag3; nothing specified for method.

Typical messages are:
snort[7240]: [ID 702911 daemon.notice] Writing PID "7240" to file
"/var/run//snort_iprb1.pid"
snort[7240]: [ID 702911 daemon.notice] Daemon initialized, signaled
parent pid: 7238
snort[7238]: [ID 702911 daemon.notice] Daemon parent exiting
snort[7240]: [ID 702911 daemon.notice] Snort initialization completed
successfully (pid=7240)
snort[7240]: [ID 702911 daemon.notice] Not Using PCAP_FRAMES

On 5/16/07, Joel Esler <joel.esler at ...1935...> wrote:
> I am sure you mean that Snort 'dies' as opposed to it getting killed. (Correct?)
>
> What do your logs say (/var/log/messages commonly)?  Anything?
>
>
> On Wed, May 16, 2007 at 12:13:29PM -0400, it looks like doug schmidt sent me:
> > Have gone through acs, ac, and lowmem so far. On acs/ac snort gets
> > kill around 10-15 minutes later. With lowmem, it was killed within a
> > minute or two.
> >
> > ~doug
> >
> > -------------------------------------------------------------------------
> > This SF.net email is sponsored by DB2 Express
> > Download DB2 Express C - the FREE version of DB2 express and take
> > control of your XML. No limits. Just data. Click to get it now.
> > http://sourceforge.net/powerbar/db2/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
>
>
>
>
>
>
> +-----
> joel esler | security consultant | Sourcefire | http://demo.sourcefire.com/jesler.pgp.key
>
>




More information about the Snort-users mailing list