Snort mailing list archives

Re: Re: Dying

From: Jason Haar <Jason.Haar () trimble co nz>
Date: Wed, 12 Sep 2001 21:57:53 +1200

On Wed, Sep 12, 2001 at 10:06:43AM +0200, Michael Schwartzkopff wrote:

-- Version 1.8.1-RELEASE (Build 74)
also dies from time to time (once, twice a day). My configuration is SuSE 7.1 
and enough disk space and CPU capacity.


Well I have 1.8.1-RELEASE running 100% fine under RH 6.2 and RH 7.1 - so
this ain't a "me too" :-)

However, on earlier builds I did have this problem. What the developers need
to hear is _why_ it's dieing.

Try running snort out of a script that does something like this:

#!/bin/sh
snort --options--- > /var/log/snort.err 2>&1
if [ "$?" != "0" ]; then 
 mv /var/log/snort.err /var/log/snort.err-`date +%s`
fi

if you run that under daemontools or out of inittab, then it will be
autostarting, AND will give you a nice timestamped logfile containing
everything snort outputed to stderr and sdtout while it ran - hopefully
including the fault that caused it to crash.

My guess would be memory. If snort needed more RAM than it had access to
(prob. due to stream4 tcp session tracing), then it would spit the dummy...

-- 
Cheers

Jason Haar

Unix/Special Projects, Trimble NZ
Phone: +64 3 9635 377 Fax: +64 3 9635 417

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

dying Neal Timm (Sep 11)
- <Possible follow-ups>
- Re: Dying Michael Schwartzkopff (Sep 12)
  - Re: Re: Dying Jason Haar (Sep 12)