[Snort-users] Snort refuses to start/run on Ubuntu 13.04

Mayur Patil ram.nath241089 at ...11827...
Fri Jun 14 23:10:41 EDT 2013


Thanks Tony for sharing useful information for users of Ubuntu 13.04 and
Snort.

-- 
*Cheers,
Mayur*.

On Sat, Jun 15, 2013 at 7:11 AM, Tony Robinson
<deusexmachina667 at ...11827...>wrote:

> Nevermind, I figured it out. I *thought* I had allocated 1GB of ram to the
> virtual machine I'm testing autosnort for Ubuntu 13.04 on, and found out I
> had allocated only 384mb of ram. What led me to realize it was memory?
>
> I did some googling around, and using the query "kernel:" "send sigkill
> to" led me to this:
> http://coltf.blogspot.com/p/android-os-processes-and-zygote.html
>
> While yes, android is vastly different from Linux in many ways, they're
> both linux. Mid way down the blog I found a print statement for a function
> that seems to be doing exactly what Ubuntu was doing to my box when I
> attempted to start up snort.
>
> If the system is low on memory, find a process to kill. In this case,
> snort kept using more memory than what was available when I attempted to
> start it, and the system kept automatically killing it (I wonder why it
> wasn't using swap space?)
>
> Ran free -m, facepalmed, then added more RAM, problem resolved.
>
> On Fri, Jun 14, 2013 at 8:29 PM, James Lay <jlay at ...13475...>wrote:
>
>>
>> On Jun 14, 2013, at 5:50 PM, Tony Robinson <deusexmachina667 at ...11827...>
>> wrote:
>>
>> > Hello,
>> >
>> > Wondering if any of you experienced a problem starting up snort on
>> Ubuntu 13.04?
>> >
>> > I get snort 2.9.4.6 to install and compile happily on a barebones 13.04
>> Server install, but the minute I go to run snort I get this on the terminal:
>> >
>> > root at ...16408...:~# ps -ef | grep snort
>> > root      1691  1641  0 19:43 pts/0    00:00:00 grep --color=auto snort
>> > root at ...16408...:~# bash /etc/rc.local
>> > /etc/rc.local: line 15:  1699 Killed
>>  /usr/local/snort/bin/snort -D -u snort -g snort -c
>> /usr/local/snort/etc/snort.conf -i eth1
>>
>> Run it command line…first start with a test:
>>
>> sudo snort -T -c /usr/local/snort/etc/snort.conf
>>
>> if that's good try:
>>
>> sudo /usr/local/snort/bin/snort -u snort -g snort -c
>> /usr/local/snort/etc/snort.conf -i eth1
>>
>> Curious to see the output of the above if you can provide.
>>
>> James
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130615/86faf94e/attachment.html>


More information about the Snort-users mailing list