Snort mailing list archives

Re: Snort silently dying...


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 9 Mar 2015 22:04:07 +0000

The first thing I'd suggest is that you update to a current version of Snort, as the version you are using is 2.9.6.0
and is EOL.  That may fix the problem.

--
Joel Esler
Sent from my iPhone

On Mar 9, 2015, at 5:00 PM, Carlos G Mendioroz <tron () acm org> wrote:

Hi,
Version 2.9.6.0 GRE (Build 47), running on Ubuntu 14.04.
W/o any change, it started to die. I'm usually running 2 copies (one per
interface of interest, so to say).
I do report to dshield and became suspicious because I had not reported
anything in a day. Checked and there was only one of them running.

Most alarms I get come from SIP attacks. There is no "unusual activity"
that I'm aware of, but something is killing it.

Is there anything easy to track this down, short of starting a packet
trace and correlating the time of death (indicated by the interface
leaving promiscuous mode only) ?

I should update too, I guess, but that will be like sweeping under the
rug, wouldn't it?

TIA,
--
Carlos G Mendioroz  <tron () acm org>

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!