Snort mailing list archives

Re: Why does the Snort process stop?


From: beenph <beenph () gmail com>
Date: Tue, 25 Jan 2011 09:20:08 -0500

I would recommend that you use screen (the program)
and start both processes in a console so that you can see what is happening.



On Tue, Jan 25, 2011 at 9:14 AM, Atkins, Dwane P <ATKINSD () uthscsa edu> wrote:
What am I doing wrong?

Yesterday the Snort process lasted almost 12 hours.  Before it was almost
48.

Is there a place where I can go look at why it quit?  I saw one instance in
my /var/log/messages where the interface enters promiscuous mode and then
leaves it.



Where do I start?  I have this on a Dell PowerEdge 2800 so it has enough
processor.  What about memory requirements?  What is the minimum for an
intensive packet sniff?



Can I append a troubleshooting log to a file so I can see what is
happening?



Thank you all for your help

Dwane





ps -ef | grep snort
root      1561  1415  0 Jan21 ?        00:41:07 /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo
dubay     5231  5198  0 08:13 pts/0    00:00:00 grep --color=auto snort

dubay@Wilbur:/var/log/snort$ more /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.

# configured to bring up eth1 on reboot
ifconfig eth1 up

# configured to bring up snort
/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1

# configured to bring up barnyard2 on reboot
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo

exit 0

------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

