Snort mailing list archives

Re: Snort dies after a few days.

From: Emilio Mira <emial () alumni uv es>
Date: Mon, 25 Mar 2002 12:31:41 +0100 (CET)


Whether this can help, I'll append more messages from syslogd:

Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:15:17 abc kernel: fore200e: damaged PDU on 0.0.425
Mar  7 21:15:51 abc snort: Snort received signal 15, exiting
Mar  7 21:15:51 abc kernel: device atm0 left promiscuous mode
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:18:17 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.425
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.225
Mar  7 21:22:15 abc kernel: fore200e: damaged PDU on 0.0.226
Mar  7 21:23:33 abc last message repeated 2 times
Mar  7 21:23:33 abc kernel: fore200e: damaged PDU on 0.0.226

I'm sure nobody was playing with snort at this moment and there aren't any 
scripts running that can send signal 15 to snort.

On Mon, 25 Mar 2002, Scott Nursten wrote:

Hi there, 

Signal 15 is a SIGTERM and is the default for the 'kill' command.

To me, that means there is a good chance it was killed. Anyone on the list
care to confirm that if snort dies, it will log something different to
this??? If it dies on it's own, it shouldn't log signal 15 - should it?

Regards,

Scott 


On 25/3/02 8:56 am, "Emilio Mira Alfaro" <emial () alumni uv es> wrote:

I'm using snort 1.8.4-beta4 I compiled with mysql and flexresp
support, libpcap 0.7.1, on RH 7.2 and it's listening from an ATM
interface. It's running ok, but after a few days, it dies for some
unknown reason. In /var/log/messages I get:

Mar  24 10:40:57 abc snort: Snort received signal 15, exiting
Mar  24 10:40:57 abc kernel: device atm0 left promiscuous mode

I recently updated RH 6.2 to RH 7.2 and snort 1.8.2 to 1.8.4-beta4.
When I worked with RH 6.2 and snort 1.8.2 I hadn't this problem.

Any ideas?

Thanks in advance.

--
Emilio Mira
e-mail: emial () alumni uv es







_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list


-- 
Emilio Mira
e-mail:         emial () alumni uv es



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Re: Snort dies after a few days., (continued)
- - Re: Snort dies after a few days. Bill McCarty (Mar 25)
    - Re: Snort dies after a few days. ___cliff rayman___ (Mar 25)
  - Re: Snort dies after a few days. Bill McCarty (Mar 25)
  - Re: Snort dies after a few days. Bill McCarty (Mar 25)
  - Re: Snort dies after a few days. Bill McCarty (Mar 25)
    - Re: Snort dies after a few days. Shane Williams (Mar 25)
    - Re: Snort dies after a few days. Phil Wood (Mar 26)
- Re: Snort dies after a few days. Chris Green (Mar 25)
- Re: Snort dies after a few days. Scott Nursten (Mar 27)
  - Re: Snort dies after a few days. Emilio Mira (Mar 27)
- Re: Snort dies after a few days. Emilio Mira (Mar 25)
- RE: Snort dies after a few days. Kjetil Laasby (Mar 25)