[Snort-users] Snort silently dying...

Carlos G Mendioroz tron at ...4514...
Tue Mar 10 21:56:26 EDT 2015


Under the rug it will be then :)
2.9.7.0 is holding so far.
-Carlos

Joel Esler (jesler) @ 09/03/2015 19:04 -0300 dixit:
> The first thing I'd suggest is that you update to a current version of
> Snort.  As the version you are using is 2.9.6.0 and is EOL.  That may
> fix the problem.  
> 
> --
> *Joel Esler* 
> Sent from my iPhone
> 
> On Mar 9, 2015, at 5:00 PM, Carlos G Mendioroz <tron at ...4514...
> <mailto:tron at ...4514...>> wrote:
> 
>> Hi,
>> Version 2.9.6.0 GRE (Build 47), running on Ubuntu 14.04.
>> W/o any change, it started to die. I'm usually running 2 copies (one per
>> interface of interest, so to say).
>> I do report to dshield and became suspicious because I had not reported
>> anything in a day. Checked and there was only one of them running.
>>
>> Most alarms I get come from SIP attacks. There is no "unusual activity"
>> that I'm aware of, but something is killing it.
>>
>> Is there anything easy to track this down, short of starting a packet
>> trace and correlating the time of death (indicated by the interface
>> leaving promiscuous mode only) ?
>>
>> I should update too, I guess, but that will be like sweeping under the
>> rug, wouln't it ?
>>
>> TIA,
>> -- 
>> Carlos G Mendioroz  <tron at ...4514... <mailto:tron at ...4514...>>
>>
>> ------------------------------------------------------------------------------
>> Dive into the World of Parallel Programming The Go Parallel Website,
>> sponsored
>> by Intel and developed in partnership with Slashdot Media, is your hub
>> for all
>> things parallel software development, from weekly thought leadership
>> blogs to
>> news, videos, case studies, tutorials and more. Take a look and join the
>> conversation now. http://goparallel.sourceforge.net/
>> _______________________________________________
>> Snort-users mailing list
>> Snort-users at lists.sourceforge.net
>> <mailto:Snort-users at lists.sourceforge.net>
>> Go to this URL to change user options or unsubscribe:
>> https://lists.sourceforge.net/lists/listinfo/snort-users
>> Snort-users list archive:
>> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>>
>> Please visit http://blog.snort.org to stay current on all the latest
>> Snort news!

-- 
Carlos G Mendioroz  <tron at ...4514...>




More information about the Snort-users mailing list