Snort mailing list archives
Fwd: Snort 'hangs'
From: conma293 <conma293 () gmail com>
Date: Wed, 9 Apr 2014 17:15:58 +1200
Sent from my iPhone

Begin forwarded message:

From: "Matheus Condi'ez" <conma293 () gmail com>
Date: 9 April 2014 4:17:49 PM NZST
To: snort-users () lists sourceforge net
Subject: Snort 'hangs'

I have Snort running as an Ubuntu VM on a Fedora host in two separate dev environments with differing levels of traffic - one predominantly smtp (low levels), one web (high levels).

Versions -
Snort: v2.9.6
Barnyard2-1.13
DAQ: v2.0.2
Current ruleset is community rules 28th Mar

The sensor in the low traffic smtp environment runs smooth.
The sensor in the other environment however...

Snort runs fine for 3~9 days, it will then stop outputting U2's for Barnyard. Upon attempting to kill the snort process under sudo and/or root it fails to actually kill the process. Killing the barnyard2 process is fine, as is killing the snort process if it is still outputting unified2.

I often see the following outputs, which may or may not be related (almost certainly not by2) -

Snort: s5: session exceeded configured max bytes to queue LWstate 0x1 LWFlags (have updated memcap to half the max @500MB)
Barnyard2: 'lonely packet'; WARNING database called with Event Type [7] (P)acket [0x0]

I am at a loss as to what to do now as I seem to have to reboot the sensor to kill the snort process every couple of days or so.