Snort mailing list archives
Re: snort stops doing anything, but keeps running.
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 13 Nov 2001 15:58:57 -0800 (PST)
On Wed, 14 Nov 2001, Brock Henry wrote:
> I am running snort on a redhat 7.1 box. pentium 500MHz(ish, can't remember), 128MB ram. snort version Version 1.8.1-RELEASE (Build 74), libpcap-0.4-39
Two things, just off the cuff:

  Upgrade to 1.8.2, which has quite a few little bugfixes in it.
  Upgrade from RH's pcap--Grab the newest one from
  http://www.tcpdump.org/release/libpcap-0.6.2.tar.gz

Or if you wait a little bit, 1.8.3 will be out real soon now. :)

[...snip...]
> It is still running, as in ps aux | grep snort, but doesn't seem to be doing anything, also because it doesn't actually die, obviously I have no core file I can gdb.
Try running snort under gdb, you might see something odd there. Or use strace on it and see what it's doing at that moment.
> I compiled --enable-debug in it, but couldn't see much extra, I ran the command line
>
>   snort -de -l /var/log/snort -h 1.1.1.0/24 -c /home/brock/snort/snort.conf > snortlog 2> snortlog.2
>
> After it stops, I checked the tailends of snortlog and snortlog.2 but can see nothing obvious.
What command line params are you passing it? What preprocessors and plugins do you have enabled? It might not be snort itself, but perhaps something else.

[...snip...]

Part of me wants to point fingers at RedHat and/or Linux, since I've never seen this behavior with Solaris or *BSD. If you can, drop another OS on there and see what happens. Sorry I can't give you any better of an answer.

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
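Added example, not part of the original post or of Snort: before attaching strace or gdb as suggested above, a quick way to tell whether a sensor that still shows up in ps is blocked or looping is to sample its state and CPU time twice. The helper names proc_sample and classify_stall are hypothetical, and the script assumes a Linux /proc filesystem.

```shell
# Added example (not from the thread). Linux only: reads /proc/<pid>/stat.
# proc_sample and classify_stall are hypothetical helper names.

# Print "<state> <cpu_ticks>" for a PID, or fail if the process is gone.
proc_sample() {
    ps_stat=$(cat "/proc/$1/stat" 2>/dev/null) || return 1
    [ -n "$ps_stat" ] || return 1
    # comm is parenthesised and may contain spaces: cut after the last ") ".
    set -- ${ps_stat##*) }
    # Now $1 = state, ${12} = utime, ${13} = stime (in clock ticks).
    echo "$1 $(( ${12} + ${13} ))"
}

# Sample a PID twice, <interval> seconds apart, and print one verdict:
#   gone     process no longer exists
#   stopped  state T/t/Z: suspended, being traced, or a zombie
#   idle     alive but used no CPU: sleeping in a syscall (S) or on I/O (D)
#   busy     consumed CPU: either working normally or spinning in a loop
classify_stall() {
    cs_pid=$1
    cs_interval=${2:-2}
    cs_first=$(proc_sample "$cs_pid") || { echo gone; return 0; }
    sleep "$cs_interval"
    cs_second=$(proc_sample "$cs_pid") || { echo gone; return 0; }
    cs_state=${cs_second%% *}
    cs_delta=$(( ${cs_second##* } - ${cs_first##* } ))
    case $cs_state in
        T|t|Z) echo stopped ;;
        *) if [ "$cs_delta" -eq 0 ]; then echo idle; else echo busy; fi ;;
    esac
}

# Typical use against a sensor that is still listed by ps:
#   classify_stall "$(pidof snort)" 5
# "idle" while the monitored link is carrying traffic means the process is
# blocked rather than looping; "busy" with no new log output means it is
# burning CPU without producing results. Either way, strace -p <pid> or
# gdb -p <pid> shows what it is doing at that moment.
```

Run from cron against the sensor's PID, the same check turns a silent stall into something that can be alerted on.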