[Snort-users] Fw: [HELP] snort stop processing on "Initializing rule chains" issue

Rachmat Hidayat Al-Anshar rachmat_hidayat_02 at ...131...
Tue Jan 8 22:42:52 EST 2008


Ow, wrong perception for me I think,
production cases was a common process of Snort
after passing the testing phase. 

Nothing to do with real production thing.
Sorry for this.

Thanks
Rachmat Hidayat Al Anshar


----- Original Message ----
From: Joel Esler <joel.esler at ...1935...>
To: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 at ...131...>
Sent: Wednesday, January 9, 2008 6:32:38 AM
Subject: Re: [Snort-users] Fw: [HELP] snort stop processing on "Initializing rule chains" issue


What do you mean "production cases"? 

Joel


On Tue, Jan 08, 2008 at 02:56:41PM -0800, it looks like Rachmat Hidayat Al-Anshar sent me:
>    I am running it in console mode just for testing purposes, besides
>    using the -T switch sometimes, Joel. I only run Snort in console mode
>    for production cases. And I think I am not using so many rules; after
>    installing Snort, all that I've done is extract the snortrules-snapshot
>    from snort.org. I am just pointing var RULE_PATH to /etc/snort/rules.
> 
>    There are not many changes in my snort.conf, because I think
>    I can't move on to configuring the snort configuration file if my
>    simple form can't work well.
> 
>    var HOME_NET [10.1.1.0/24,192.168.0.0/24]
>    var EXTERNAL_NET !$HOME_NET
>    var RULE_PATH /etc/snort/rules
>    config detection: search-method lowmem
>    preprocessor perfmonitor: time 300 file /var/log/snort/snort.stats pktcnt 10000
>    output log_unified: filename snort.log, limit 128
> 
>    The rest of the configuration directives are set to default values.
> 
>    ----- Original Message ----
>    From: Joel Esler <joel.esler at ...1935...>
>    To: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 at ...131...>
>    Cc: snort <Snort-users at lists.sourceforge.net>
>    Sent: Saturday, December 29, 2007 8:38:13 PM
>    Subject: Re: [Snort-users] Fw: [HELP] snort stop processing on
>    "Initializing rule chains" issue
> 
>    You should try not running it in console mode, run it in daemon mode.
>    How many rules do you have enabled?
>    Please post your snort.conf file as I asked before.
>    --
>    Joel Esler
>    [1]joel.esler at ...1935...
>    On Dec 28, 2007, at 11:29 PM, Rachmat Hidayat Al-Anshar wrote:
> 
>      Ow, I had a wrong understanding about this; before, I was thinking
>      that Snort stuck its process because of RAM lacking.
> 
>      How is it Joel, the snort machine is still stuck???
>      Now I am using 768 MB of memory :'((
> 
>      Help meee...
>      Thanks
>      Rachmat Hidayat Al Anshar
> 
>      ----- Forwarded Message ----
>      From: Rachmat Hidayat Al-Anshar <[2]rachmat_hidayat_02 at ...131...>
>      To: snort <[3]Snort-users at lists.sourceforge.net>
>      Sent: Saturday, December 29, 2007 10:58:06 AM
>      Subject: Re: [Snort-users] [HELP] snort stop processing on
>      "Initializing rule chains" issue
> 
>      <[4]rachmat_hidayat_02 at ...131...> wrote:
>      > Now I am using 512 MB of RAM and Snort still stuck on the road...
>      > after Not Using PCAP_FRAMES...
>      What do you mean by stuck on the road? Can you give us a screenshot
>      of Snort running on your computer?
> 
>      Snort stuck its process, there is no clue or message at all for this
>      issue.
>      I am using TSL for the snort box, and I am using the default env.
>      (without xserver)
>      I can't capture any screenshot, (I didn't also remote it using ssh
>      (^^!))
> 
>      - Have you tested your Snort installation first to test all your
>      rules, using -t (if I am not mistaken)?
> 
>      Yes indeed, I have tested it using the following command:
>      snort -c /etc/snort/snort.conf -T
> 
>      - Are you using Snort as a Daemon ?
> 
>      Nope, for a first shake it's run with the following command
>      snort -c /etc/snort/snort.conf -A console -K ascii
>      so I can notice what snort has done on the console.
> 
>      - Is there any traffic on your network that is monitored by Snort?
> 
>      Nope, because my snort was hanging around the process, there
>      were no packets detected, even a small part.
> 
>      Just like Joel says, my box was lacking memory,
>      now I am trying to use 1 GB of memory :)
> 
>      Thanks for your response Tedi :)
>      Happy days...
>      Rachmat Hidayat Al Anshar
> 
>      --
>      cheers,
> 
>      tedi
>      Blog      : [5]http://theriyanto.wordpress.com
>      Website : [6]http://tedi.heriyanto.net
>      You Need More Than Awareness : Stay Alert!
> 
> References
> 
>    Visible links
>    1. mailto:joel.esler at ...1935...
>    2. mailto:rachmat_hidayat_02 at ...131...
>    3. mailto:Snort-users at lists.sourceforge.net
>    4. mailto:rachmat_hidayat_02 at ...131...
>    5. http://theriyanto.wordpress.com/
>    6. http://tedi.heriyanto.net/
>    7. http://us.rd.yahoo.com/evt=51438/*http:/www.yahoo.com/r/hs
>    8. http://us.rd.yahoo.com/evt=51733/*http:/mobile.yahoo.com/;_ylt=Ahu06i62sR8HDtDypao8Wcj9tAcJ%20
>    9. http://sf.net/
>   10. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>   11. mailto:Snort-users at lists.sourceforge.net
>   12. https://lists.sourceforge.net/lists/listinfo/snort-users
>   13. http://www.geocrawler.com/redir-sf.php3?list=snort-users
>   14. http://sf.net/
>   15. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
>   16. mailto:Snort-users at lists.sourceforge.net
>   17. https://lists.sourceforge.net/lists/listinfo/snort-users
>   18. http://www.geocrawler.com/redir-sf.php3?list=snort-users
>   19. http://us.rd.yahoo.com/evt=51734/*http:/tools.search.yahoo.com/newsearch/category.php?category=shopping






-----
joel esler
828A A216 6D95 A6BB B386  54F3 ACE3 B833 5F51 4902 





