[Snort-users] snort keeps dying!!!

Zakai Kinan titanyen2000 at ...131...
Thu Sep 6 15:26:01 EDT 2007


No, I am not trying to run all of the sigs.  I have a
long disabled list.  I only run some from bleeding and
snort community.  I get a Segmentation fault error
when not in daemon mode.  I only have a T1 so my
bandwidth usage is limited.  I am not running out of
memory when it stops.  Snort is currently setup with
lowmem config.  I thought of the same thing.  It was
setup as AC in 2.6.1.5 and it worked fine.  


Thanks again,


ZK



--- "M. Shirk" <shirkdog_list at ...125...> wrote:

> 
> 
> The better questions:
> 
> 
> 
> Are you trying to run ALL SIGNATURES (including
> bleeding threats, and the Stormworm IP Signatures,
> about 15,000 signatures)??
> 
> 
> 
> How much bandwidth is this firewall handling? (Mb/s)
> 
> 
> 
> Run Snort in non-daemon mode, and see the error you
> get when it stops running. 
> 
> 
> 
> 
> 
> Shirkdog
> 
> ' or 1=1-- 
> 
> 
> 
> http://www.shirkdog.us
> > Date: Thu, 6 Sep 2007 12:20:32 -0400
> > From: joel.esler at ...1935...
> > To: titanyen2000 at ...131...;
> snort-users at lists.sourceforge.net
> > Subject: Re: [Snort-users] snort keeps dying!!!
> > 
> > We'll probably need some kind of debug output to
> find out why it's dying
> > since it's not printing any error messages.
> > 
> > Are you running out of RAM on the box when Snort
> dies?
> > 
> > J
> > 
> > 
> > On 9/6/07 12:16 PM, "Zakai Kinan"
> <titanyen2000 at ...131...> mentioned to me:
> > 
> > > The firewall is using Debian Etch 4.1.  It is a
> Dell
> > > PE 2950.  I have nothing in the logs.  Version
> 2.6.1.5
> > > worked fine until I upgraded to latest version.
> > > 
> > > 
> > > ZK
> > >   
> > > --- Joel Esler <joel.esler at ...1935...>
> wrote:
> > > 
> > >> What OS?  What hardware?  Do you have anything
> in
> > >> your system log?
> > >> 
> > >> Joel
> > >> 
> > >> 
> > >> On 9/6/07 11:57 AM, "Zakai Kinan"
> > >> <titanyen2000 at ...131...> mentioned to me:
> > >> 
> > >>> I just upgraded from 2.6.1.5 to 2.7.0.1 and
> now
> > >> snort
> > >>> keeps dying with no error messages.  I am
> using
> > >>> snortsam, flex_resp2, and react.  I have
> lowered
> > >> the
> > >>> memory config to lowmem.  The firewall has two
> > >> cpus
> > >>> and 4GB of ram.  I start the daemaon and 2
> minutes
> > >>> later it stops suddenly.  Has anyone else
> > >> encounter
> > >>> this problem?
> > >>> 
> > >>> TIA,
> > >>> 
> > >>> ZK
> > >>> 
> > >>> 
> > >>>        
> > >>> 
> > >> 
> > >
>
______________________________________________________________________________
> > >>> ______
> > >>> Need a vacation? Get great deals
> > >>> to amazing places on Yahoo! Travel.
> > >>> http://travel.yahoo.com/
> > >>> 
> > >>> 
> > >> 
> > >
>
-------------------------------------------------------------------------
> > >>> This SF.net email is sponsored by: Splunk Inc.
> > >>> Still grepping through log files to find
> problems?
> > >>  Stop.
> > >>> Now Search log events and configuration files
> > >> using AJAX and a browser.
> > >>> Download your FREE copy of Splunk now >>
> > >> http://get.splunk.com/
> > >>>
> _______________________________________________
> > >>> Snort-users mailing list
> > >>> Snort-users at lists.sourceforge.net
> > >>> Go to this URL to change user options or
> > >> unsubscribe:
> > >>> 
> > >> 
> > >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > >>> Snort-users list archive:
> > >>> 
> > >> 
> > >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >>> 
> > >> 
> > >> --
> > >> joel esler | security consultant | Sourcefire |
> pgp
> > >> is public
> > >> 
> > >> 
> > >> 
> > > 
> > > 
> > > 
> > >       
> > >
>
______________________________________________________________________________
> > > ______
> > > Shape Yahoo! in your own image.  Join our
> Network Research Panel today!
> > >
>
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
> > > 
> > > 
> > > 
> > >
>
-------------------------------------------------------------------------
> > > This SF.net email is sponsored by: Splunk Inc.
> > > Still grepping through log files to find
> problems?  Stop.
> > > Now Search log events and configuration files
> using AJAX and a browser.
> > > Download your FREE copy of Splunk now >> 
> http://get.splunk.com/
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users at lists.sourceforge.net
> > > Go to this URL to change user options or
> unsubscribe:
> > >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > > 
> > 
> > --
> > joel esler | security consultant | Sourcefire |
> pgp is public
> > 
> > 
> > 
> >
>
-------------------------------------------------------------------------
> > This SF.net email is sponsored by: Splunk Inc.
> > Still grepping through log files to find problems?
>  Stop.
> > Now Search log events and configuration files
> using AJAX and a browser.
> > Download your FREE copy of Splunk now >> 
> http://get.splunk.com/
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or
> unsubscribe:
> >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
>
_________________________________________________________________
> Connect to the next generation of MSN Messenger 
> 
=== message truncated ===>
-------------------------------------------------------------------------
> This SF.net email is sponsored by: Splunk Inc.
> Still grepping through log files to find problems? 
> Stop.
> Now Search log events and configuration files using
> AJAX and a browser.
> Download your FREE copy of Splunk now >> 
http://get.splunk.com/>
_______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or
> unsubscribe:
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users



       
____________________________________________________________________________________
Yahoo! oneSearch: Finally, mobile search 
that gives answers, not web links. 
http://mobile.yahoo.com/mobileweb/onesearch?refer=1ONXIC




More information about the Snort-users mailing list