[Snort-users] snort keeps dying!!!

Zakai Kinan titanyen2000 at ...131...
Mon Sep 10 15:54:39 EDT 2007


I went back to 2.6.1.5 for now because I could not
wait anymore.  I am going to try it in a virtual
environment and send the info then.


Thanks again,


ZK


--- Todd Wease <twease at ...1935...> wrote:

> Zakai
> 
> If possible, can you:
> 
> (1) provide the snort.conf you are using
> (2) provide the command line used
> (3) run snort in gdb and provide a backtrace of the
> segfault.
> (4) provide a packet capture of the traffic when
> snort segfaults.
> 
> Any and all of the above would be very helpful.
> 
> If any of the above information is sensitive, please
> send your response
> with attachments to bugs at ...10585...
> 
> Thanks,
> Todd
> 
> 
> Zakai Kinan wrote:
> > No, I am not trying to run all of the sigs.  I
> have a
> > long disabled list.  I only run some from bleeding
> and
> > snort community.  I get a Segmentation fault error
> > when not in daemon mode.  I only have a T1 so my
> > bandwidth usage is limited.  I am not running out
> of
> > memory when it stops.  Snort is currently setup
> with
> > lowmem config.  I thought of the same thing.  It
> was
> > setup as AC in 2.6.1.5 and it worked fine.  
> > 
> > 
> > Thanks again,
> > 
> > 
> > ZK
> > 
> > 
> > 
> > --- "M. Shirk" <shirkdog_list at ...125...> wrote:
> > 
> >>
> >> The better questions:
> >>
> >>
> >>
> >> Are you trying to run ALL SIGNATURES (including
> >> bleeding threats, and the Stormworm IP
> Signatures,
> >> about 15,000 signatures)??
> >>
> >>
> >>
> >> How much bandwidth is this firewall handling?
> (Mb/s)
> >>
> >>
> >>
> >> Run Snort in non-daemon mode, and see the error
> you
> >> get when it stops running. 
> >>
> >>
> >>
> >>
> >>
> >> Shirkdog
> >>
> >> ' or 1=1-- 
> >>
> >>
> >>
> >> http://www.shirkdog.us
> >>> Date: Thu, 6 Sep 2007 12:20:32 -0400
> >>> From: joel.esler at ...1935...
> >>> To: titanyen2000 at ...131...;
> >> snort-users at lists.sourceforge.net
> >>> Subject: Re: [Snort-users] snort keeps dying!!!
> >>>
> >>> We'll probably need some kind of debug output to
> >> find out why it's dying
> >>> since it's not printing any error messages.
> >>>
> >>> Are you running out of RAM on the box when Snort
> >> dies?
> >>> J
> >>>
> >>>
> >>> On 9/6/07 12:16 PM, "Zakai Kinan"
> >> <titanyen2000 at ...131...> mentioned to me:
> >>>> The firewall is using Debian Etch 4.1.  It is a
> >> Dell
> >>>> PE 2950.  I have nothing in the logs.  Version
> >> 2.6.1.5
> >>>> worked fine until I upgraded to latest version.
> >>>>
> >>>>
> >>>> ZK
> >>>>   
> >>>> --- Joel Esler <joel.esler at ...1935...>
> >> wrote:
> >>>>> What OS?  What hardware?  Do you have anything
> >> in
> >>>>> your system log?
> >>>>>
> >>>>> Joel
> >>>>>
> >>>>>
> >>>>> On 9/6/07 11:57 AM, "Zakai Kinan"
> >>>>> <titanyen2000 at ...131...> mentioned to me:
> >>>>>
> >>>>>> I just upgraded from 2.6.1.5 to 2.7.0.1 and
> >> now
> >>>>> snort
> >>>>>> keeps dying with no error messages.  I am
> >> using
> >>>>>> snortsam, flex_resp2, and react.  I have
> >> lowered
> >>>>> the
> >>>>>> memory config to lowmem.  The firewall has
> two
> >>>>> cpus
> >>>>>> and 4GB of ram.  I start the daemaon and 2
> >> minutes
> >>>>>> later it stops suddenly.  Has anyone else
> >>>>> encounter
> >>>>>> this problem?
> >>>>>>
> >>>>>> TIA,
> >>>>>>
> >>>>>> ZK
> >>>>>>
> >>>>>>
> >>>>>>        
> >>>>>>
> >
>
______________________________________________________________________________
> >>>>>> ______
> >>>>>> Need a vacation? Get great deals
> >>>>>> to amazing places on Yahoo! Travel.
> >>>>>> http://travel.yahoo.com/
> >>>>>>
> >>>>>>
> >
>
-------------------------------------------------------------------------
> >>>>>> This SF.net email is sponsored by: Splunk
> Inc.
> >>>>>> Still grepping through log files to find
> >> problems?
> >>>>>  Stop.
> >>>>>> Now Search log events and configuration files
> >>>>> using AJAX and a browser.
> >>>>>> Download your FREE copy of Splunk now >>
> >>>>> http://get.splunk.com/
> >> _______________________________________________
> >>>>>> Snort-users mailing list
> >>>>>> Snort-users at lists.sourceforge.net
> >>>>>> Go to this URL to change user options or
> >>>>> unsubscribe:
> >
>
https://lists.sourceforge.net/lists/listinfo/snort-users
> >>>>>> Snort-users list archive:
> >>>>>>
> >
>
http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >>>>> --
> >>>>> joel esler | security consultant | Sourcefire
> |
> >> pgp
> >>>>> is public
> >>>>>
> >>>>>
> >>>>>
> >>>>
> >>>>
> >>>>       
> >>>>
> >
>
______________________________________________________________________________
> >>>> ______
> >>>> Shape Yahoo! in your own image.  Join our
> >> Network Research Panel today!
> >
>
http://surveylink.yahoo.com/gmrs/yahoo_panel_invite.asp?a=7
> >>>>
> >>>>
> >>>>
> >
>
-------------------------------------------------------------------------
> >>>> This SF.net email is sponsored by: Splunk Inc.
> >>>> Still grepping through log files to find
> >> problems?  Stop.
> >>>> Now Search log events and configuration files
> >> using AJAX and a browser.
> >>>> Download your FREE copy of Splunk now >> 
> >> http://get.splunk.com/
> 
=== message truncated ===



       
____________________________________________________________________________________
Pinpoint customers who are looking for what you sell. 
http://searchmarketing.yahoo.com/




More information about the Snort-users mailing list