Snort mailing list archives

Re: Snort stopping after about 12 hours


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 05 Dec 2001 14:33:39 -0500

Do you have the spade-threshlearn preprocessor on? If so, this is what you asked for. Turn that preprocessor off.

From the spade usage file: (what they don't clearly tell you is that after the obs-time, snort as a whole shuts down to generate the report. Or at least, that's the behavior I observed.)


preprocessor spade-threshlearn: <num-scores> <obs-time>

This mode is enabled for <obs-time> hours (default 24), after which it reports
on the threshold that would have been needed to produce <num-scores> scores
(default 200) during that time.  At the end of the time period, a report about
this is generated to the log file specified on the main sensor configuration
line.  An intermediate report is produced on every SIGHUP, SIGQUIT, SIGINT,
and SIGUSR1 and on Snort exit.



At 11:14 AM 12/5/2001, Patrick S. Harper wrote:
I have a snort box at a client that has snort running as a daemon.  It
stops after about 12 hours of operation.  I was wondering if anyone had
seen this before
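
Added example, not part of the original thread or of Snort/Spade: a shell check that lists active `spade-threshlearn` lines in a Snort config and shows the observation period each one sets, using the syntax and defaults (200 scores, 24 hours) quoted from the Spade usage file above. The function name and the sample config are constructed for illustration.

```shell
#!/bin/sh
# find_threshlearn FILE
# Prints one line per active "preprocessor spade-threshlearn" entry with its
# <num-scores> and <obs-time>, filling in the defaults from the usage text
# (200 and 24) when an argument is omitted. Returns 0 if any entry is active,
# 1 otherwise.
find_threshlearn() {
    awk '
        {
            sub(/#.*/, "")      # drop comments, including commented-out entries
            sub(/:/, " ")       # "spade-threshlearn:200 12" -> separate fields
        }
        $1 == "preprocessor" && $2 == "spade-threshlearn" {
            scores = ($3 != "") ? $3 : 200
            hours  = ($4 != "") ? $4 : 24
            printf "line %d: num-scores=%s obs-time=%sh\n", NR, scores, hours
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Demo on a constructed config fragment (not taken from the thread).
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample snort.conf fragment
#preprocessor spade-threshlearn: 200 24
preprocessor spade-threshlearn: 200 12
EOF

if find_threshlearn "$sample"; then
    echo "threshold-learning mode is enabled; it ends after the obs-time shown"
else
    echo "spade-threshlearn is not enabled"
fi
rm -f "$sample"
```

An `obs-time` that matches the interval after which the daemon stops points at this preprocessor as the place to look first.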

