Snort mailing list archives

snort 2.02 can't start automatically


From: "th0ri4.wang" <th0ri4 () yahoo com cn>
Date: Tue, 31 Aug 2004 13:14:46 +0800 (CST)

Thanks.

I have shown it to you; the full file of /var/log/messenges
is here:



James Riden <j.rid
Aug 23 18:14:42 andreas kernel:
device eth0 left promiscuous mode
Aug 23 18:14:43 andreas kernel: Kernel logging (proc)
stopped.
Aug 23 18:14:43 andreas kernel: Kernel log daemon
terminating.
Aug 23 18:14:43 andreas exiting on signal 15
Aug 23 18:15:28 andreas syslogd 1.4.1#10: restart.
Aug 23 18:15:28 andreas kernel: klogd 1.4.1#10, log
source = /proc/kmsg started.
Aug 23 18:15:28 andreas kernel: Inspecting
/boot/System.map-2.4.18
Aug 23 18:15:29 andreas kernel: Loaded 13534 symbols
from /boot/System.map-2.4.18.
Aug 23 18:15:29 andreas kernel: Symbols match kernel
version 2.4.18.
Aug 23 18:15:29 andreas kernel: No module symbols
loaded.
Aug 23 18:15:29 andreas kernel: Linux version 2.4.18
(root@andreas) (gcc version 2.95.4 20011002 (Debian
prerelease)) #1 Sun Aug 22 16:17:02 CST 2004
Aug 23 18:15:29 andreas kernel: BIOS-provided physical
RAM map:
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
0000000000000000 - 000000000009f800 (usable)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
000000000009f800 - 00000000000a0000 (reserved)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
00000000000dc000 - 00000000000e0000 (reserved)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
00000000000e4000 - 0000000000100000 (reserved)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
0000000000100000 - 0000000003ef0000 (usable)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
0000000003ef0000 - 0000000003eff000 (ACPI data)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
0000000003eff000 - 0000000003f00000 (ACPI NVS)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
0000000003f00000 - 0000000004000000 (usable)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
00000000fec00000 - 00000000fec10000 (reserved)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
00000000fee00000 - 00000000fee01000 (reserved)
Aug 23 18:15:29 andreas kernel:  BIOS-e820:
00000000fffe0000 - 0000000100000000 (reserved)
Aug 23 18:15:29 andreas kernel: On node 0 totalpages:
16384
Aug 23 18:15:29 andreas kernel: zone(0): 4096 pages.
Aug 23 18:15:29 andreas kernel: zone(1): 12288 pages.
Aug 23 18:15:29 andreas kernel: zone(2): 0 pages.
Aug 23 18:15:29 andreas kernel: Kernel command line:
auto BOOT_IMAGE=Linux ro root=301
Aug 23 18:15:29 andreas kernel: Initializing CPU#0
Aug 23 18:15:29 andreas kernel: Detected 996.126 MHz
processor.
Aug 23 18:15:29 andreas kernel: Console: colour VGA+
80x25
Aug 23 18:15:29 andreas kernel: Calibrating delay
loop... 1998.84 BogoMIPS
Aug 23 18:15:29 andreas kernel: Memory: 62556k/65536k
available (864k kernel code, 2528k reserved, 235k
data, 188k init, 0k highmem)
Aug 23 18:15:29 andreas kernel: Dentry-cache hash
table entries: 8192 (order: 4, 65536 bytes)
Aug 23 18:15:29 andreas kernel: Inode-cache hash table
entries: 4096 (order: 3, 32768 bytes)
Aug 23 18:15:29 andreas kernel: Mount-cache hash table
entries: 1024 (order: 1, 8192 bytes)
Aug 23 18:15:29 andreas kernel: Buffer-cache hash
table entries: 4096 (order: 2, 16384 bytes)
Aug 23 18:15:29 andreas kernel: Page-cache hash table
entries: 16384 (order: 4, 65536 bytes)
Aug 23 18:15:29 andreas kernel: CPU: L1 I Cache: 64K
(64 bytes/line), D cache 64K (64 bytes/line)
Aug 23 18:15:29 andreas kernel: CPU: L2 Cache: 256K
(64 bytes/line)
Aug 23 18:15:29 andreas kernel: Intel machine check
architecture supported.
Aug 23 18:15:29 andreas kernel: Intel machine check
reporting enabled on CPU#0.
Aug 23 18:15:29 andreas kernel: CPU: AMD Athlon(tm)
processor stepping 02
Aug 23 18:15:29 andreas kernel: Enabling fast FPU save
and restore... done.
Aug 23 18:15:29 andreas kernel: Checking 'hlt'
instruction... OK.
Aug 23 18:15:29 andreas kernel: POSIX conformance
testing by UNIFIX
Aug 23 18:15:29 andreas kernel: PCI: PCI BIOS revision
2.10 entry at 0xfd9a0, last bus=1
Aug 23 18:15:29 andreas kernel: PCI: Using
configuration type 1
Aug 23 18:15:29 andreas kernel: PCI: Probing PCI
hardware
Aug 23 18:15:29 andreas kernel: PCI: Using IRQ router
PIIX [8086/7110] at 00:07.0
Aug 23 18:15:29 andreas kernel: Limiting direct
PCI/PCI transfers.
Aug 23 18:15:29 andreas kernel: Linux NET4.0 for Linux
2.4
Aug 23 18:15:29 andreas kernel: Based upon Swansea
University Computer Society NET3.039
Aug 23 18:15:29 andreas kernel: Initializing RT
netlink socket
Aug 23 18:15:29 andreas kernel: Starting kswapd
Aug 23 18:15:29 andreas kernel: pty: 256 Unix98 ptys
configured
Aug 23 18:15:29 andreas kernel: Serial driver version
5.05c (2001-07-08) with MANY_PORTS SHARE_IRQ
SERIAL_PCI enabled
Aug 23 18:15:29 andreas kernel: ttyS00 at 0x03f8 (irq
= 4) is a 16550A
Aug 23 18:15:29 andreas kernel: ttyS01 at 0x02f8 (irq
= 3) is a 16550A
Aug 23 18:15:29 andreas kernel: block: 128 slots per
queue, batch=32
Aug 23 18:15:29 andreas kernel: Uniform Multi-Platform
E-IDE driver Revision: 6.31
Aug 23 18:15:29 andreas kernel: ide: Assuming 33MHz
system bus speed for PIO modes; override with
idebus=xx
Aug 23 18:15:29 andreas kernel: PIIX4: IDE controller
on PCI bus 00 dev 39
Aug 23 18:15:29 andreas kernel: PIIX4: chipset
revision 1
Aug 23 18:15:29 andreas kernel: PIIX4: not 100%%
native mode: will probe irqs later
Aug 23 18:15:29 andreas
kernel:     ide0: BM-DMA at
0x1410-0x1417, BIOS settings: hda:DMA, hdb:pio
Aug 23 18:15:29 andreas
kernel:     ide1: BM-DMA at
0x1418-0x141f, BIOS settings: hdc:DMA, hdd:pio
Aug 23 18:15:29 andreas kernel: hda: VMware Virtual
IDE Hard Drive, ATA DISK drive
Aug 23 18:15:29 andreas kernel: hdc: VMware Virtual
IDE CDROM Drive, ATAPI CD/DVD-ROM drive
Aug 23 18:15:29 andreas kernel: ide0 at
0x1f0-0x1f7,0x3f6 on irq 14
Aug 23 18:15:29 andreas kernel: ide1 at
0x170-0x177,0x376 on irq 15
Aug 23 18:15:29 andreas kernel: hda: 8388608 sectors
(4295 MB) w/32KiB Cache, CHS=522/255/63, UDMA(33)
Aug 23 18:15:29 andreas kernel: hdc: ATAPI 52X CD-ROM
drive, 128kB Cache, UDMA(33)
Aug 23 18:15:29 andreas kernel: Uniform CD-ROM driver
Revision: 3.12
Aug 23 18:15:29 andreas kernel: Partition check:
Aug 23 18:15:29 andreas kernel:  hda: hda1 hda2 <
hda5 >
Aug 23 18:15:29 andreas kernel: pcnet32_probe_pci:
found device 0x001022.0x002000
Aug 23 18:15:29 andreas kernel: PCI: Found IRQ 10 for
device 00:11.0
Aug 23 18:15:29 andreas
kernel:     ioaddr=0x001080
resource_flags=0x000101
Aug 23 18:15:29 andreas kernel: eth0: PCnet/PCI II
79C970A at 0x1080, 00 0c 29 c8 ef 5c
Aug 23 18:15:29 andreas kernel: pcnet32:
pcnet32_private lp=c3ebc000 lp_dma_addr=0x3ebc000
assigned IRQ 10.
Aug 23 18:15:29 andreas kernel: pcnet32.c:v1.25kf
17.11.2001 tsbogend () alpha franken de
Aug 23 18:15:29 andreas kernel: Linux Kernel Card
Services 3.1.22
Aug 23 18:15:29 andreas kernel:
options:  [pci] [cardbus] [pm]
Aug 23 18:15:29 andreas kernel: NET4: Linux TCP/IP 1.0
for NET4.0
Aug 23 18:15:29 andreas kernel: IP Protocols: ICMP,
UDP, TCP, IGMP
Aug 23 18:15:29 andreas kernel: IP: routing cache hash
table of 512 buckets, 4Kbytes
Aug 23 18:15:29 andreas kernel: TCP: Hash tables
configured (established 4096 bind 4096)
Aug 23 18:15:29 andreas kernel: NET4: Unix domain
sockets 1.0/SMP for Linux NET4.0.
Aug 23 18:15:29 andreas kernel: ds: no socket drivers
loaded!
Aug 23 18:15:29 andreas kernel: VFS: Mounted root
(ext2 filesystem) readonly.
Aug 23 18:15:29 andreas kernel: Freeing unused kernel
memory: 188k freed
Aug 23 18:15:29 andreas kernel: Adding Swap: 771048k
swap-space (priority -1)
Aug 23 18:15:32 andreas kernel: eth0: Promiscuous mode
enabled.
Aug 23 18:15:32 andreas kernel: device eth0 entered
promiscuous mode
Aug 23 18:15:33 andreas kernel: device eth0 left
promiscuous mode
Aug 23 18:22:48 andreas kernel: eth0: Promiscuous mode
enabled.
Aug 23 18:22:48 andreas kernel: device eth0 entered
promiscuous mode
----------------------------------------------------
Snort is flapping at reboot: it enters promiscuous mode and
then leaves it. I don't know the reason.


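An added example, not part of the original post: a small Python script that pairs the kernel's "entered/left promiscuous mode" messages from a mail-wrapped syslog like the one above and reports how long each capture session on the interface lasted. The function names, the 5-second threshold and the default year (syslog timestamps carry none) are assumptions made for this example.

```python
import re
from datetime import datetime

# Syslog timestamp prefix and the kernel's promiscuous-mode state messages.
TS = r"\w{3}\s+\d+ \d\d:\d\d:\d\d"
EVENT = re.compile(rf"^({TS}) \S+ kernel: device (\S+) (entered|left) promiscuous mode$")

def unwrap(text):
    """Rejoin syslog entries that a mail client wrapped onto several lines."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if re.match(TS + " ", line) or not entries:
            entries.append(line)          # a new entry starts with a timestamp
        else:
            entries[-1] += " " + line     # continuation of the previous entry
    return entries

def promisc_sessions(text, year=2004):
    """Pair entered/left events per interface: (iface, start, end, seconds)."""
    open_at, sessions = {}, []
    for entry in unwrap(text):
        m = EVENT.match(entry)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        iface, action = m.group(2), m.group(3)
        if action == "entered":
            open_at[iface] = ts
        elif iface in open_at:            # a "left" with no earlier "entered" is skipped
            start = open_at.pop(iface)
            sessions.append((iface, start, ts, (ts - start).total_seconds()))
    # Interfaces still promiscuous when the log ends: end and duration unknown.
    sessions += [(i, s, None, None) for i, s in open_at.items()]
    return sessions

def short_lived(sessions, threshold=5):
    """Sessions closed within `threshold` seconds of starting."""
    return [s for s in sessions if s[3] is not None and s[3] <= threshold]

# Sample input: the promiscuous-mode lines excerpted from the log above, still wrapped.
SAMPLE = """Aug 23 18:14:42 andreas kernel:\ndevice eth0 left promiscuous mode
Aug 23 18:15:32 andreas kernel: eth0: Promiscuous mode\nenabled.
Aug 23 18:15:32 andreas kernel: device eth0 entered\npromiscuous mode
Aug 23 18:15:33 andreas kernel: device eth0 left\npromiscuous mode
Aug 23 18:22:48 andreas kernel: device eth0 entered\npromiscuous mode"""

if __name__ == "__main__":
    for iface, start, end, secs in promisc_sessions(SAMPLE):
        print(iface, start, end or "still open", secs)
```

A session that closes a second after it opens, as the one at boot does here, means the capturing process exited almost immediately; its own error output from that start is the next thing to look at.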

