Snort mailing list archives
Problem initializing SNORT
From: "Manuel Humberto Santander Pelaez" <msantand () palmiferousinc com>
Date: Mon, 23 Jul 2001 12:45:44 -0500
Hello. I just installed snort within a switched environment with two NIC, one of them without an IP address. When I try to startup snort, shows me a single, sometimes two traffic message before dying with the following message: -*> Snort! <*- Version 1.8-RELEASE (Build 43) By Martin Roesch (roesch () sourcefire com, www.snort.org) exhausted all 0 blocks of 1 treeroots; exiting; you might want to increase DEFAULT_MAX_ROOT_BLOCKS or DEFAULT_ROOT_BLOCK_SIZE in params.h next free root: 0; int: 0, leaf: 0 Does anyone know what I?m doing wrong? This is the initialization log: [root@nids /root]# snort -c /etc/snort/snort.conf -i eth1 --== Initializing Snort ==-- Checking PID path... PATH_VARRUN is set to /var/run/ on this operating system Initializing Network Interface eth1 WARNING: OpenPcap() device eth1 network lookup: eth1: no IPv4 address assigned Decoding Ethernet on interface eth1 Initializing Preprocessors! Initializing Plug-ins! Initializating Output Plugins! Parsing Rules file /etc/snort/snort.conf +++++++++++++++++++++++++++++++++++++++++++++++++++ Initializing rule chains... No arguments to frag2 directive, setting defaults to: Fragment timeout: 60 seconds Fragment memory cap: 4194304 bytes No arguments to stream4 directive, setting defaults to: Session timeout: 30 seconds Session memory cap: 8388608 bytes Stateful Inspection: ACTIVE Stream Reassembly: INACTIVE Stream Stats: INACTIVE State Alerts: ACTIVE No arguments to stream4_reassemble, setting defaults: Reassemble client: ACTIVE Reassemble server: INACTIVE Reassemble ports: 21 23 25 53 80 143 110 111 513 Reassembly alerts: ACTIVE Back Orifice detection brute force: DISABLED Using LOCAL time Anomoly sensor threshold adapting repeadly specified, ignoring later specification: 0.01 15 4 24 7 database: compiled support for ( mysql ) database: configured to use mysql database: user = root database: password is set database: database name = snort database: host = localhost database: sensor name = nids database: sensor id = 1 database: schema version = 103 database: using the "log" facility database: compiled support for ( mysql ) database: configured to use mysql database: user = root database: password is set database: database name = snort database: host = localhost database: sensor name = nids database: sensor id = 1 database: schema version = 103 database: using the "alert" facility 919 Snort rules read... 919 Option Chains linked into 150 Chain Headers 0 Dynamic rules +++++++++++++++++++++++++++++++++++++++++++++++++++ Rule application order: ->activation->dynamic->alert->pass->log --== Initialization Complete ==-- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Problem initializing SNORT Manuel Humberto Santander Pelaez (Jul 23)