RE: Snort service stop

["Oxenreider, Jeff" <jox () safelite com>]

Yes.  We have been having the problem with each of the 1.8 and 1.8 betas.
No errors, no core dumps, no info in the logs, nothing.  Snort just stops.
I have a cron job that checks to see if snort is running every 5 minutes,
just to make sure it stays up.

We've been hoping that it will get better with newer versions, but so far,
we've just been living with it.

This is what we get in the logs:

Aug  6 14:19:33 bomber kernel: device eth1 left promiscuous mode
Aug  6 14:20:01 bomber snort0: Checking PID path...
Aug  6 14:20:01 bomber snort0: PATH_VARRUN is set to /var/run/ on this
operating system
Aug  6 14:20:01 bomber snort0: Initializing daemon mode
Aug  6 14:20:01 bomber kernel: device eth1 entered promiscuous mode
Aug  6 14:20:01 bomber snort0: snort0 startup succeeded
Aug  6 14:20:01 bomber snort0: Snort initialization completed successfully,
Snort running

etc, etc, etc...

I have this issue on 2 of the 9 sensors that I'm running, they just happen
to be the two that i have the most traffic on, so it appears to be a load
related issue.  I can't figure out how to put it into a "debug" or "more
info" kind of mode, but we've been so swamped that it's just been easier to
cron it and restart.  But now we've slowed a bit, and really need to get
this fixed.  

Thanks for getting me off my butt... :)



Jeffrey A. Oxenreider
Senior Network/Security Engineer
Safelite Glass Corp

-----Original Message-----
From: gerhard () wtci net [mailto:gerhard () wtci net]
Sent: Monday, August 06, 2001 2:34 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort service stop


Hi Guys,

I was checking the archives, but do not find info on my problem.
I'm running Snort 1.8p1, beautiful... logging on MySQL.
Have 2 nics, 1 promiscuous and other to talk to db.
Problem is when the connection to the db is lost, even for a split second
the snort service stop.
The only entry in the log is " device eth0 left promiscuous mode"
What do I have to check , was thinking of running a cron to restart service
,but missing the point then.

Has anyone had the same problem ?
Thank you
Gerhard

***CONFIDENTIALITY NOTICE***This email contains confidential information
which may also be legally privileged and which is intended only for the use
of the recipient(s) named above. If you are not the intended recipient, you
are hereby notified that forwarding or copying of this email, or the taking
of any action in reliance on its contents, may be strictly prohibited. If
you have received this email in error, please notify us immediately by reply
email and delete this message from your inbox. Thank you.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users