Snort mailing list archives

Snort 1.9.0 Hard Crashes/Lockups


From: "Ricardo, Gerson" <gricardo () gableseng com>
Date: Thu, 6 Feb 2003 13:34:45 -0500


Most every time I start snort on my Linux (RH 7.3) server it locks up at wholly sporadic times. If snort isn't running, 
the machine works quite fine.  Mind you, it captures/processes packets beautifully while the system is responsive - but 
when it does lock up it's frozen - requires a hard reboot.  There are no shocking messages in /var/log, no syslog panic 
notifications, nothing I can readily detect.  So I humbly ask for a bit of your time in helping a fellow bungler 
discover his (hopefully) obvious mistakes.  These hard lockups are seemingly random - could be 10 minutes after 
initializing the process, could be 5 hours after.  For the sake of listing it, the only operational issue I have is 
when I try to move objects from the ACID cache into the MySQL archive.  This is the error I get:

        Fatal error: Call to a member function on a non-object in /var/www/html/acid/acid_db.inc on line 93

I somehow don't think that the lockups and the aforementioned error are related - I'm simply laying the cards on the 
table.  BTW, lines 91, 92 and 93 of the file acid_db.inc read thus:

91      $myrow = $result->fields;
92      $this->version = $myrow[0];
93      $result->Close();



For any and all who get this far into this question, thanks a million for your time, I hope to be able to repay your 
efforts.  To give you something to work with I have included several stats/log/conf readings to help preempt any 
questions you may have. Thanks again for your help!


gerson ricardo
systems engineer
gables engineering, inc.
miami, florida




**********************
System setup:
**********************
Dell 2650 Dual 2.4GHz HT Xeons/512k L2 (Dell calls HT 'logical processor')
1GB DDR 1600 Dual Channel Memory (200MHz)
Broadcom Serverworks Chipset (Supporting PCI-X)
PERC3/Di RAID Controller w/ 128MB Cache (really an embedded relabeled AMI/LSI RAID controller)
Dual onboard GigE Broadcom ethernet ports (eth0 and eth1 - snort sensor on eth1)
Dual 3com 64bit 1000SX PCI NICs (PCI 2.1/64bit/66MHz) - interfaces currently disabled
2x Internal 33.6GB 15k drives/mirrored and partitioned as follows:

Filesystem      Size    Used    Avail   Use%    Mounted on
/dev/sda6       1.4G    258M    1.1G    19      /
/dev/sda2       76M     33M     39M     46      /boot
/dev/sda7       2.0G    33M     1.8G    2       /home
none            503M    0       503M    0       /dev/shm
/dev/sda9       494M    12M     456M    3       /tmp
/dev/sda8       8.2G    3.3G    4.5G    42      /usr
/dev/sda3       21G     184M    19G     1       /var

Redhat 7.3 -  kernel 2.4.18-19.7.xsmp with Hyper-Threading [HT] support (have turned it on and off - no effect)
Apache 1.3.27 / PHP 4.3.0 (modules: xml, tokenizer, standard, sockets, session, posix, pcre, overload, mysql, gd, 
ctype, zlib, apache)
Snort 1.9.0
Snortcenter 0.9.6 with one local sensor running Snortagent 0.1.6 (OpenSSL 2.8.15)
ACID v0.9.6b23
MySql ver 8.23 Distrib 3.23.53a, for pc-linux-gnu on i686
Libpcap library  - libpcap-0.8.0129 (tried running the default RH version as well)


************************
/var/log/messages
************************
Feb  6 09:43:41 XXXXXXX syslogd 1.4.1: restart.
Feb  6 09:43:41 XXXXXXX syslog: syslogd startup succeeded
Feb  6 09:43:41 XXXXXXX kernel: klogd 1.4.1, log source = /proc/kmsg started.
Feb  6 09:43:41 XXXXXXX kernel: Linux version 2.4.18-19.7.xsmp (bhcompile () stripples devel redhat com) (gcc version 
2.96$
Feb  6 09:43:41 XXXXXXX kernel: BIOS-provided physical RAM map:
Feb  6 09:43:41 XXXXXXX kernel:  BIOS-e820: 0000000000000000 - 00000000000a0000 (usable)
Feb  6 09:43:41 XXXXXXX kernel:  BIOS-e820: 0000000000100000 - 000000003fff0000 (usable)
Feb  6 09:43:41 XXXXXXX kernel:  BIOS-e820: 000000003fff0000 - 000000003fffec00 (ACPI data)
Feb  6 09:43:41 XXXXXXX kernel:  BIOS-e820: 000000003fffec00 - 000000003ffff000 (reserved)
Feb  6 09:43:41 XXXXXXX kernel:  BIOS-e820: 00000000fec00000 - 00000000fec10000 (reserved)
Feb  6 09:43:41 XXXXXXX kernel:  BIOS-e820: 00000000fee00000 - 00000000fee10000 (reserved)
Feb  6 09:43:41 XXXXXXX kernel:  BIOS-e820: 00000000fff80000 - 0000000100000000 (reserved)
Feb  6 09:43:41 XXXXXXX kernel: 127MB HIGHMEM available.
Feb  6 09:43:41 XXXXXXX kernel: 896MB LOWMEM available.
Feb  6 09:43:41 XXXXXXX kernel: found SMP MP-table at 000fe710
Feb  6 09:43:41 XXXXXXX syslog: klogd startup succeeded
Feb  6 09:43:41 XXXXXXX kernel: hm, page 000fe000 reserved twice.
Feb  6 09:43:41 XXXXXXX kernel: hm, page 000ff000 reserved twice.
Feb  6 09:43:41 XXXXXXX kernel: hm, page 000f0000 reserved twice.
Feb  6 09:43:41 XXXXXXX kernel: On node 0 totalpages: 262128
Feb  6 09:43:41 XXXXXXX kernel: zone(0): 4096 pages.
Feb  6 09:43:41 XXXXXXX kernel: zone(1): 225280 pages.
Feb  6 09:43:41 XXXXXXX kernel: zone(2): 32752 pages.
Feb  6 09:43:41 XXXXXXX kernel: ACPI: Searched entire block, no RSDP was found.
Feb  6 09:43:41 XXXXXXX kernel: ACPI: RSDP located at physical address c00fdc60
Feb  6 09:43:41 XXXXXXX kernel: RSD PTR  v0 [DELL  ]
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdc74, 0x68): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: ACPI table found: RSDT v1 [DELL   PE2650   0.1]
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdca4, 0x24): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdca4, 0x74): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: ACPI table found: FACP v1 [DELL   PE2650   0.1]
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdd18, 0x24): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdd18, 0x88): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: ACPI table found: APIC v1 [DELL   PE2650   0.1]
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdd18, 0x88): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: LAPIC (acpi_id[0x0001] id[0x0] enabled[1])
Feb  6 09:43:41 XXXXXXX kernel: CPU 0 (0x0000) enabledProcessor #0 Pentium 4(tm) XEON(tm) APIC version 16
Feb  6 09:43:41 XXXXXXX kernel:
Feb  6 09:43:41 XXXXXXX kernel: LAPIC (acpi_id[0x0002] id[0x2] enabled[1])
Feb  6 09:43:41 XXXXXXX kernel: CPU 1 (0x0200) enabledProcessor #2 Pentium 4(tm) XEON(tm) APIC version 16
Feb  6 09:43:41 XXXXXXX kernel:
Feb  6 09:43:41 XXXXXXX kernel: LAPIC (acpi_id[0x0003] id[0x1] enabled[1])
Feb  6 09:43:41 XXXXXXX kernel: CPU 2 (0x0100) enabledProcessor #1 Pentium 4(tm) XEON(tm) APIC version 16
Feb  6 09:43:41 XXXXXXX kernel:
Feb  6 09:43:41 XXXXXXX kernel: LAPIC (acpi_id[0x0004] id[0x3] enabled[1])
Feb  6 09:43:41 XXXXXXX kernel: CPU 3 (0x0300) enabledProcessor #3 Pentium 4(tm) XEON(tm) APIC version 16
Feb  6 09:43:41 XXXXXXX kernel: IOAPIC (id[0x4] address[0xfec00000] global_irq_base[0x0])
Feb  6 09:43:41 XXXXXXX kernel: IOAPIC (id[0x5] address[0xfec01000] global_irq_base[0x10])
Feb  6 09:43:41 XXXXXXX kernel: IOAPIC (id[0x6] address[0xfec02000] global_irq_base[0x20])
Feb  6 09:43:41 XXXXXXX kernel: LAPIC_NMI (acpi_id[0x0001] polarity[0x1] trigger[0x1] lint[0x1])
Feb  6 09:43:41 XXXXXXX kernel: LAPIC_NMI (acpi_id[0x0002] polarity[0x1] trigger[0x1] lint[0x1])
Feb  6 09:43:41 XXXXXXX kernel: LAPIC_NMI (acpi_id[0x0003] polarity[0x1] trigger[0x1] lint[0x1])
Feb  6 09:43:41 XXXXXXX kernel: LAPIC_NMI (acpi_id[0x0004] polarity[0x1] trigger[0x1] lint[0x1])
Feb  6 09:43:41 XXXXXXX kernel: 4 CPUs total
Feb  6 09:43:41 XXXXXXX kernel: Local APIC address fee000009:43:41 XXXXXXX kernel:
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdda0, 0x24): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: __va_range(0xfdda0, 0x50): idx=8 mapped at ffff6000
Feb  6 09:43:41 XXXXXXX kernel: ACPI table found: SPCR v1 [DELL   PE2650   0.1]
Feb  6 09:43:41 XXXXXXX kernel: Enabling the CPU's according to the ACPI table
Feb  6 09:43:41 XXXXXXX kernel: Intel MultiProcessor Specification v1.4
Feb  6 09:43:41 XXXXXXX kernel:     Virtual Wire compatibility mode.
Feb  6 09:43:41 XXXXXXX kernel: OEM ID: DELL     Product ID: PE 0121      APIC at: 0xFEE00000
Feb  6 09:43:41 XXXXXXX kernel: I/O APIC #4 Version 17 at 0xFEC00000.
Feb  6 09:43:41 XXXXXXX kernel: I/O APIC #5 Version 17 at 0xFEC01000.
Feb  6 09:43:41 XXXXXXX kernel: I/O APIC #6 Version 17 at 0xFEC02000.
Feb  6 09:43:41 XXXXXXX kernel: Processors: 4
Feb  6 09:43:41 XXXXXXX kernel: Kernel command line: ro root=/dev/sda6
Feb  6 09:43:41 XXXXXXX kernel: Initializing CPU#0
Feb  6 09:43:41 XXXXXXX kernel: Detected 2388.882 MHz processor.
Feb  6 09:43:41 XXXXXXX kernel: Speakup v-1.00 CVS: Tue Jun 11 14:22:53 EDT 2002 : initialized
Feb  6 09:43:41 XXXXXXX kernel: Console: colour VGA+ 80x25
Feb  6 09:43:41 XXXXXXX kernel: Calibrating delay loop... 4733.65 BogoMIPS
Feb  6 09:43:41 XXXXXXX kernel: Memory: 1027096k/1048512k available (1281k kernel code, 17836k reserved, 1052k data, 18$
Feb  6 09:43:41 XXXXXXX kernel: Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes)
Feb  6 09:43:41 XXXXXXX kernel: Inode cache hash table entries: 65536 (order: 7, 524288 bytes)
Feb  6 09:43:41 XXXXXXX kernel: Mount cache hash table entries: 16384 (order: 5, 131072 bytes)
Feb  6 09:43:41 XXXXXXX kernel: Buffer cache hash table entries: 65536 (order: 6, 262144 bytes)
Feb  6 09:43:41 XXXXXXX kernel: Page-cache hash table entries: 262144 (order: 8, 1048576 bytes)
Feb  6 09:43:41 XXXXXXX kernel: CPU: L1 I cache: 0K, L1 D cache: 8K
Feb  6 09:43:41 XXXXXXX kernel: CPU: L2 cache: 512K
Feb  6 09:43:41 XXXXXXX kernel: CPU: Physical Processor ID: 0
Feb  6 09:43:41 XXXXXXX rpc.statd[808]: Version 0.3.3 Starting
Feb  6 09:43:41 XXXXXXX kernel: Intel machine check architecture supported.
Feb  6 09:43:41 XXXXXXX kernel: Intel machine check reporting enabled on CPU#0.
Feb  6 09:43:41 XXXXXXX kernel: Enabling fast FPU save and restore... done.
Feb  6 09:43:41 XXXXXXX nfslock: rpc.statd startup succeeded
Feb  6 09:43:41 XXXXXXX kernel: Enabling unmasked SIMD FPU exception support... done.
Feb  6 09:43:41 XXXXXXX kernel: Checking 'hlt' instruction... OK.
Feb  6 09:43:41 XXXXXXX kernel: POSIX conformance testing by UNIFIX
Feb  6 09:43:41 XXXXXXX kernel: mtrr: v1.40 (20010327) Richard Gooch (rgooch () atnf csiro au)
Feb  6 09:43:41 XXXXXXX kernel: mtrr: detected mtrr type: Intel
Feb  6 09:43:41 XXXXXXX kernel: CPU: L1 I cache: 0K, L1 D cache: 8K
Feb  6 09:43:41 XXXXXXX kernel: CPU: L2 cache: 512K
Feb  6 09:43:41 XXXXXXX kernel: CPU: Physical Processor ID: 0
Feb  6 09:43:41 XXXXXXX kernel: Intel machine check reporting enabled on CPU#0.
Feb  6 09:43:41 XXXXXXX kernel: CPU0: Intel(R) Xeon(TM) CPU 2.40GHz stepping 07
Feb  6 09:43:41 XXXXXXX kernel: per-CPU timeslice cutoff: 1462.83 usecs.
Feb  6 09:43:41 XXXXXXX kernel: task migration cache decay timeout: 1 msecs.
Feb  6 09:43:41 XXXXXXX kernel: enabled ExtINT on CPU#0
Feb  6 09:43:41 XXXXXXX kernel: ESR value before enabling vector: 00000040
Feb  6 09:43:41 XXXXXXX kernel: ESR value after enabling vector: 00000000
Feb  6 09:43:41 XXXXXXX kernel: Booting processor 1/1 eip 2000
Feb  6 09:43:41 XXXXXXX kernel: Initializing CPU#1
Feb  6 09:43:41 XXXXXXX kernel: masked ExtINT on CPU#1
Feb  6 09:43:41 XXXXXXX kernel: ESR value before enabling vector: 00000000
Feb  6 09:43:41 XXXXXXX kernel: ESR value after enabling vector: 00000000
Feb  6 09:43:41 XXXXXXX kernel: Calibrating delay loop... 4767.06 BogoMIPS
Feb  6 09:43:41 XXXXXXX kernel: CPU: L1 I cache: 0K, L1 D cache: 8K
Feb  6 09:43:41 XXXXXXX kernel: CPU: L2 cache: 512K
Feb  6 09:43:41 XXXXXXX kernel: CPU: Physical Processor ID: 0
Feb  6 09:43:41 XXXXXXX kernel: Intel machine check reporting enabled on CPU#1.
Feb  6 09:43:41 XXXXXXX kernel: CPU1: Intel(R) Xeon(TM) CPU 2.40GHz stepping 07
Feb  6 09:43:41 XXXXXXX kernel: Booting processor 2/2 eip 2000
Feb  6 09:43:41 XXXXXXX kernel: Initializing CPU#2
Feb  6 09:43:41 XXXXXXX kernel: masked ExtINT on CPU#2
Feb  6 09:43:41 XXXXXXX kernel: ESR value before enabling vector: 00000000
Feb  6 09:43:41 XXXXXXX kernel: ESR value after enabling vector: 00000000
Feb  6 09:43:41 XXXXXXX kernel: Calibrating delay loop... 4767.06 BogoMIPS
Feb  6 09:43:41 XXXXXXX kernel: CPU: L1 I cache: 0K, L1 D cache: 8K
Feb  6 09:43:41 XXXXXXX kernel: CPU: L2 cache: 512K
Feb  6 09:43:41 XXXXXXX kernel: CPU: Physical Processor ID: 3
Feb  6 09:43:41 XXXXXXX kernel: Intel machine check reporting enabled on CPU#2.
Feb  6 09:43:41 XXXXXXX kernel: CPU2: Intel(R) Xeon(TM) CPU 2.40GHz stepping 07
Feb  6 09:43:41 XXXXXXX kernel: Booting processor 3/3 eip 2000
Feb  6 09:43:41 XXXXXXX kernel: Initializing CPU#3
Feb  6 09:43:41 XXXXXXX kernel: masked ExtINT on CPU#3
Feb  6 09:43:41 XXXXXXX kernel: ESR value before enabling vector: 00000000
Feb  6 09:43:41 XXXXXXX kernel: ESR value after enabling vector: 00000000
Feb  6 09:43:41 XXXXXXX kernel: Calibrating delay loop... 4767.06 BogoMIPS
Feb  6 09:43:41 XXXXXXX kernel: CPU: L1 I cache: 0K, L1 D cache: 8K
Feb  6 09:43:41 XXXXXXX kernel: CPU: L2 cache: 512K
Feb  6 09:43:41 XXXXXXX keytable: Loading keymap:  succeeded
Feb  6 09:43:41 XXXXXXX rpc.statd[808]: unable to register (statd, 1, udp).
Feb  6 09:43:41 XXXXXXX kernel: CPU: Physical Processor ID: 3
Feb  6 09:43:41 XXXXXXX kernel: Intel machine check reporting enabled on CPU#3.
Feb  6 09:43:41 XXXXXXX kernel: CPU3: Intel(R) Xeon(TM) CPU 2.40GHz stepping 07
Feb  6 09:43:41 XXXXXXX kernel: Total of 4 processors activated (19036.84 BogoMIPS).
Feb  6 09:43:41 XXXXXXX kernel: cpu_sibling_map[0] = 1
Feb  6 09:43:41 XXXXXXX kernel: cpu_sibling_map[1] = 0
Feb  6 09:43:41 XXXXXXX kernel: cpu_sibling_map[2] = 3
Feb  6 09:43:41 XXXXXXX kernel: cpu_sibling_map[3] = 2
Feb  6 09:43:41 XXXXXXX kernel: ENABLING IO-APIC IRQs
Feb  6 09:43:41 XXXXXXX kernel: Setting 4 in the phys_id_present_map
Feb  6 09:43:41 XXXXXXX kernel: ...changing IO-APIC physical APIC ID to 4 ... ok.
Feb  6 09:43:41 XXXXXXX kernel: Setting 5 in the phys_id_present_map
Feb  6 09:43:41 XXXXXXX kernel: ...changing IO-APIC physical APIC ID to 5 ... ok.
Feb  6 09:43:41 XXXXXXX kernel: Setting 6 in the phys_id_present_map
Feb  6 09:43:41 XXXXXXX kernel: ...changing IO-APIC physical APIC ID to 6 ... ok.
Feb  6 09:43:41 XXXXXXX keytable: Loading system font:  succeeded
Feb  6 09:43:41 XXXXXXX kernel: ..TIMER: vector=0x31 pin1=2 pin2=0
Feb  6 09:43:41 XXXXXXX kernel: ..MP-BIOS bug: 8254 timer not connected to IO-APIC
Feb  6 09:43:41 XXXXXXX kernel: ...trying to set up timer (IRQ0) through the 8259A ...
Feb  6 09:43:41 XXXXXXX kernel: ..... (found pin 0) ...works.
Feb  6 09:43:41 XXXXXXX kernel: testing the IO APIC.......................
Feb  6 09:43:41 XXXXXXX kernel:
Feb  6 09:43:41 XXXXXXX last message repeated 2 times
Feb  6 09:43:41 XXXXXXX kernel: .................................... done.
Feb  6 09:43:41 XXXXXXX kernel: Using local APIC timer interrupts.
Feb  6 09:43:41 XXXXXXX kernel: calibrating APIC timer ...
Feb  6 09:43:41 XXXXXXX kernel: ..... CPU clock speed is 2388.0926 MHz.
Feb  6 09:43:41 XXXXXXX kernel: ..... host bus clock speed is 99.1015 MHz.
Feb  6 09:43:41 XXXXXXX kernel: cpu: 0, clocks: 194362, slice: 38872
Feb  6 09:43:41 XXXXXXX kernel: CPU0<T0:194352,T1:155472,D:8,S:38872,C:194362>
Feb  6 09:43:41 XXXXXXX kernel: cpu: 1, clocks: 194362, slice: 38872
Feb  6 09:43:41 XXXXXXX kernel: cpu: 3, clocks: 194362, slice: 38872
Feb  6 09:43:41 XXXXXXX kernel: cpu: 2, clocks: 194362, slice: 38872
Feb  6 09:43:41 XXXXXXX kernel: CPU1<T0:194352,T1:116608,D:0,S:38872,C:194362>
Feb  6 09:43:41 XXXXXXX kernel: CPU2<T0:194352,T1:77728,D:8,S:38872,C:194362>
Feb  6 09:43:41 XXXXXXX kernel: CPU3<T0:194352,T1:38864,D:0,S:38872,C:194362>
Feb  6 09:43:41 XXXXXXX kernel: checking TSC synchronization across CPUs: passed.
Feb  6 09:43:41 XXXXXXX kernel: migration_task 0 on cpu=0
Feb  6 09:43:41 XXXXXXX kernel: migration_task 1 on cpu=1
Feb  6 09:43:41 XXXXXXX kernel: migration_task 2 on cpu=2
Feb  6 09:43:41 XXXXXXX kernel: migration_task 3 on cpu=3
Feb  6 09:43:41 XXXXXXX kernel: PCI: PCI BIOS revision 2.10 entry at 0xfc98e, last bus=5
Feb  6 09:43:41 XXXXXXX kernel: PCI: Using configuration type 1
Feb  6 09:43:41 XXXXXXX kernel: PCI: Probing PCI hardware
Feb  6 09:43:41 XXXXXXX kernel: PCI: Discovered primary peer bus 01 [IRQ]
Feb  6 09:43:41 XXXXXXX kernel: PCI: Discovered primary peer bus 02 [IRQ]
Feb  6 09:43:41 XXXXXXX kernel: PCI: Discovered primary peer bus 03 [IRQ]
Feb  6 09:43:41 XXXXXXX kernel: PCI: Discovered primary peer bus 04 [IRQ]
Feb  6 09:43:41 XXXXXXX kernel: PCI: Using IRQ router ServerWorks [1166/0201] at 00:0f.0
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B0,I4,P0) -> 19
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B0,I4,P1) -> 23
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B0,I4,P2) -> 27
Feb  6 09:43:41 XXXXXXX random: Initializing random number generator:  succeeded
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B1,I6,P0) -> 16
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B1,I8,P0) -> 20
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B3,I6,P0) -> 28
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B3,I8,P0) -> 29
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B4,I8,P0) -> 30
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B5,I6,P0) -> 30
Feb  6 09:43:41 XXXXXXX kernel: PCI->APIC IRQ transform: (B5,I6,P1) -> 31
Feb  6 09:43:41 XXXXXXX kernel: isapnp: Scanning for PnP cards...
Feb  6 09:43:41 XXXXXXX kernel: isapnp: No Plug & Play device found
Feb  6 09:43:41 XXXXXXX kernel: speakup:  initialized device: /dev/synth, node (MAJOR 10, MINOR 25)
Feb  6 09:43:41 XXXXXXX kernel: Linux NET4.0 for Linux 2.4
Feb  6 09:43:41 XXXXXXX kernel: Based upon Swansea University Computer Society NET3.039
Feb  6 09:43:41 XXXXXXX kernel: Initializing RT netlink socket
Feb  6 09:43:41 XXXXXXX kernel: apm: BIOS not found.
Feb  6 09:43:41 XXXXXXX kernel: Starting kswapd
Feb  6 09:43:41 XXXXXXX kernel: allocated 64 pages and 64 bhs reserved for the highmem bounces
Feb  6 09:43:41 XXXXXXX kernel: VFS: Diskquotas version dquot_6.5.0 initialized
Feb  6 09:43:41 XXXXXXX kernel: pty: 2048 Unix98 ptys configured
Feb  6 09:43:41 XXXXXXX kernel: Serial driver version 5.05c (2001-07-08) with MANY_PORTS MULTIPORT SHARE_IRQ SERIAL_PCI$
Feb  6 09:43:41 XXXXXXX kernel: ttyS0 at 0x03f8 (irq = 4) is a 16550A
Feb  6 09:43:41 XXXXXXX kernel: ttyS1 at 0x02f8 (irq = 3) is a 16550A
Feb  6 09:43:41 XXXXXXX kernel: Real Time Clock Driver v1.10e
Feb  6 09:43:41 XXXXXXX kernel: oprofile: can't get RTC I/O Ports
Feb  6 09:43:41 XXXXXXX kernel: block: 1024 slots per queue, batch=256
Feb  6 09:43:41 XXXXXXX kernel: Uniform Multi-Platform E-IDE driver Revision: 6.31
Feb  6 09:43:41 XXXXXXX kernel: ide: Assuming 33MHz system bus speed for PIO modes; override with idebus=xx
Feb  6 09:43:41 XXXXXXX kernel: SvrWks CSB5: IDE controller on PCI bus 00 dev 79
Feb  6 09:43:41 XXXXXXX kernel: SvrWks CSB5: chipset revision 147
Feb  6 09:43:41 XXXXXXX kernel: SvrWks CSB5: not 100%% native mode: will probe irqs later
Feb  6 09:43:41 XXXXXXX kernel: SvrWks CSB5: simplex device: DMA forced
Feb  6 09:43:41 XXXXXXX kernel:     ide0: BM-DMA at 0x08b0-0x08b7, BIOS settings: hda:DMA, hdb:pio
Feb  6 09:43:41 XXXXXXX kernel: SvrWks CSB5: simplex device: DMA forced
Feb  6 09:43:41 XXXXXXX kernel:     ide1: BM-DMA at 0x08b8-0x08bf, BIOS settings: hdc:DMA, hdd:DMA
Feb  6 09:43:41 XXXXXXX kernel: hda: TEAC CD-ROM CD-224E, ATAPI CD/DVD-ROM drive
Feb  6 09:43:41 XXXXXXX kernel: ide0 at 0x1f0-0x1f7,0x3f6 on irq 14
Feb  6 09:43:41 XXXXXXX kernel: ide-floppy driver 0.99.newide
Feb  6 09:43:41 XXXXXXX kernel: Floppy drive(s): fd0 is 1.44M
Feb  6 09:43:41 XXXXXXX kernel: FDC 0 is a National Semiconductor PC87306
Feb  6 09:43:41 XXXXXXX kernel: NET4: Frame Diverter 0.46
Feb  6 09:43:41 XXXXXXX kernel: RAMDISK driver initialized: 16 RAM disks of 4096K size 1024 blocksize
Feb  6 09:43:41 XXXXXXX kernel: ide-floppy driver 0.99.newide
Feb  6 09:43:41 XXXXXXX kernel: md: md driver 0.90.0 MAX_MD_DEVS=256, MD_SB_DISKS=27
Feb  6 09:43:41 XXXXXXX kernel: md: Autodetecting RAID arrays.
Feb  6 09:43:41 XXXXXXX kernel: md: autorun ...
Feb  6 09:43:41 XXXXXXX kernel: md: ... autorun DONE.
Feb  6 09:43:41 XXXXXXX kernel: pci_hotplug: PCI Hot Plug PCI Core version: 0.4
Feb  6 09:43:41 XXXXXXX kernel: NET4: Linux TCP/IP 1.0 for NET4.0
Feb  6 09:43:41 XXXXXXX kernel: IP Protocols: ICMP, UDP, TCP, IGMP
Feb  6 09:43:41 XXXXXXX kernel: IP: routing cache hash table of 8192 buckets, 64Kbytes
Feb  6 09:43:41 XXXXXXX kernel: TCP: Hash tables configured (established 262144 bind 65536)
Feb  6 09:43:41 XXXXXXX kernel: Linux IP multicast router 0.06 plus PIM-SM
Feb  6 09:43:41 XXXXXXX kernel: NET4: Unix domain sockets 1.0/SMP for Linux NET4.0.
Feb  6 09:43:41 XXXXXXX kernel: RAMDISK: Compressed image found at block 0
Feb  6 09:43:41 XXXXXXX kernel: Freeing initrd memory: 202k freed
Feb  6 09:43:41 XXXXXXX kernel: VFS: Mounted root (ext2 filesystem).
Feb  6 09:43:41 XXXXXXX kernel: SCSI subsystem driver Revision: 1.00
Feb  6 09:43:41 XXXXXXX kernel: kmod: failed to exec /sbin/modprobe -s -k scsi_hostadapter, errno = 2
Feb  6 09:43:41 XXXXXXX kernel: Red Hat/Adaptec aacraid driver, Dec 12 2002
Feb  6 09:43:41 XXXXXXX kernel: AAC0: kernel 2.7.4 build 3170
Feb  6 09:43:41 XXXXXXX kernel: AAC0: monitor 2.7.4 build 3170
Feb  6 09:43:41 XXXXXXX kernel: AAC0: bios 2.7.0 build 3170
Feb  6 09:43:41 XXXXXXX kernel: AAC0: serial 0378441d3
Feb  6 09:43:41 XXXXXXX kernel: scsi0 : percraid
Feb  6 09:43:41 XXXXXXX kernel:   Vendor: DELL      Model: PERCRAID Mirror   Rev: V1.0
Feb  6 09:43:41 XXXXXXX kernel:   Type:   Direct-Access                      ANSI SCSI revision: 02
Feb  6 09:43:41 XXXXXXX kernel: Attached scsi removable disk sda at scsi0, channel 0, id 0, lun 0
Feb  6 09:43:41 XXXXXXX kernel: SCSI device sda: 71091456 512-byte hdwr sectors (36399 MB)
Feb  6 09:43:41 XXXXXXX kernel: sda: Write Protect is off
Feb  6 09:43:41 XXXXXXX kernel: Partition check:
Feb  6 09:43:41 XXXXXXX kernel:  sda: sda1 sda2 sda3 sda4 < sda5 sda6 sda7 sda8 sda9 >
Feb  6 09:43:41 XXXXXXX kernel: Journalled Block Device driver loaded
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: INFO: recovery required on readonly filesystem.
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: write access will be enabled during recovery.
Feb  6 09:43:41 XXXXXXX kernel: kjournald starting.  Commit interval 5 seconds
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: recovery complete.
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: mounted filesystem with ordered data mode.
Feb  6 09:43:41 XXXXXXX kernel: Freeing unused kernel memory: 188k freed
Feb  6 09:43:41 XXXXXXX kernel: Adding Swap: 522072k swap-space (priority -1)
Feb  6 09:43:41 XXXXXXX kernel: usb.c: registered new driver usbdevfs
Feb  6 09:43:41 XXXXXXX kernel: usb.c: registered new driver hub
Feb  6 09:43:41 XXXXXXX kernel: usb-ohci.c: USB OHCI at membase 0xf88b6000, IRQ 5
Feb  6 09:43:41 XXXXXXX kernel: usb-ohci.c: usb-00:0f.2, ServerWorks OSB4/CSB5 OHCI USB Controller
Feb  6 09:43:41 XXXXXXX kernel: usb.c: new USB bus registered, assigned bus number 1
Feb  6 09:43:41 XXXXXXX kernel: hub.c: USB hub found
Feb  6 09:43:41 XXXXXXX kernel: hub.c: 4 ports detected
Feb  6 09:43:41 XXXXXXX kernel: EXT3 FS 2.4-0.9.18, 14 May 2002 on sd(8,6), internal journal
Feb  6 09:43:41 XXXXXXX kernel: kjournald starting.  Commit interval 5 seconds
Feb  6 09:43:41 XXXXXXX kernel: EXT3 FS 2.4-0.9.18, 14 May 2002 on sd(8,2), internal journal
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: mounted filesystem with ordered data mode.
Feb  6 09:43:41 XXXXXXX kernel: kjournald starting.  Commit interval 5 seconds
Feb  6 09:43:41 XXXXXXX kernel: EXT3 FS 2.4-0.9.18, 14 May 2002 on sd(8,7), internal journal
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: mounted filesystem with ordered data mode.
Feb  6 09:43:41 XXXXXXX kernel: kjournald starting.  Commit interval 5 seconds
Feb  6 09:43:41 XXXXXXX kernel: EXT3 FS 2.4-0.9.18, 14 May 2002 on sd(8,9), internal journal
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: mounted filesystem with ordered data mode.
Feb  6 09:43:41 XXXXXXX kernel: kjournald starting.  Commit interval 5 seconds
Feb  6 09:43:41 XXXXXXX kernel: EXT3 FS 2.4-0.9.18, 14 May 2002 on sd(8,8), internal journal
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: mounted filesystem with ordered data mode.
Feb  6 09:43:41 XXXXXXX kernel: kjournald starting.  Commit interval 5 seconds
Feb  6 09:43:41 XXXXXXX kernel: EXT3 FS 2.4-0.9.18, 14 May 2002 on sd(8,3), internal journal
Feb  6 09:43:41 XXXXXXX kernel: EXT3-fs: mounted filesystem with ordered data mode.
Feb  6 09:43:41 XXXXXXX kernel: tg3.c:v1.2 (Nov 14, 2002)
Feb  6 09:43:41 XXXXXXX kernel: eth0: Tigon3 [partno(BCM95701A10) rev 0105 PHY(5701)] (PCIX:133MHz:64-bit) 10/100/1000B$
Feb  6 09:43:41 XXXXXXX kernel: eth1: Tigon3 [partno(BCM95701A10) rev 0105 PHY(5701)] (PCIX:133MHz:64-bit) 10/100/1000B$
Feb  6 09:43:41 XXXXXXX kernel: acenic.c: v0.92 08/05/2002  Jes Sorensen, linux-acenic () SunSITE dk
Feb  6 09:43:41 XXXXXXX kernel:                             http://home.cern.ch/~jes/gige/acenic.html
Feb  6 09:43:41 XXXXXXX kernel: eth2: 3Com 3C985 Gigabit Ethernet at 0xfcf04000, irq 16
Feb  6 09:43:41 XXXXXXX kernel:   Tigon II (Rev. 6), Firmware: 12.4.11, MAC: 00:60:08:f5:f5:c6
Feb  6 09:43:41 XXXXXXX kernel:   PCI bus width: 64 bits, speed: 66MHz, latency: 64 clks
Feb  6 09:43:41 XXXXXXX kernel:   Disabling PCI memory write and invalidate
Feb  6 09:43:41 XXXXXXX kernel: tg3: eth0: Link is up at 100 Mbps, full duplex.
Feb  6 09:43:41 XXXXXXX kernel: tg3: eth0: Flow control is off for TX and off for RX.
Feb  6 09:43:41 XXXXXXX kernel: eth2: Firmware up and running
Feb  6 09:43:41 XXXXXXX kernel: eth3: 3Com 3C985 Gigabit Ethernet at 0xfcf00000, irq 20
Feb  6 09:43:41 XXXXXXX kernel:   Tigon II (Rev. 6), Firmware: 12.4.11, MAC: 00:60:08:f5:f6:06
Feb  6 09:43:41 XXXXXXX kernel:   PCI bus width: 64 bits, speed: 66MHz, latency: 64 clks
Feb  6 09:43:41 XXXXXXX kernel:   Disabling PCI memory write and invalidate
Feb  6 09:43:41 XXXXXXX kernel: eth3: Firmware up and running
Feb  6 09:43:41 XXXXXXX netfs: Mounting other filesystems:  succeeded
Feb  6 09:43:41 XXXXXXX ntpd[920]: ntpd 4.1.1@1.786 Mon Apr  8 06:30:52 EDT 2002 (1)
Feb  6 09:43:41 XXXXXXX ntpd: ntpd startup succeeded
Feb  6 09:43:42 XXXXXXX ntpd[920]: precision = 11 usec
Feb  6 09:43:42 XXXXXXX ntpd[920]: kernel time discipline status 0040
Feb  6 09:43:42 XXXXXXX ntpd[920]: frequency initialized 0.000 from /etc/ntp/drift
Feb  6 09:43:42 XXXXXXX autofs: automount startup succeeded
Feb  6 09:43:42 XXXXXXX sshd: Starting sshd:
Feb  6 09:43:42 XXXXXXX sshd:  succeeded
Feb  6 09:43:42 XXXXXXX sshd: ^[[60G[
Feb  6 09:43:42 XXXXXXX sshd:
Feb  6 09:43:42 XXXXXXX rc: Starting sshd:  succeeded
Feb  6 09:43:42 XXXXXXX xinetd[1005]: pmap_set failed. service=sgi_fam program=391002 version=2
Feb  6 09:43:43 XXXXXXX xinetd[1005]: xinetd Version 2.3.7 started with libwrap options compiled in.
Feb  6 09:43:43 XXXXXXX xinetd[1005]: Started working: 2 available services
Feb  6 09:43:14 XXXXXXX rc.sysinit: Mounting proc filesystem:  succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Unmounting initrd:  succeeded
Feb  6 09:43:14 XXXXXXX sysctl: net.ipv4.ip_forward = 0
Feb  6 09:43:14 XXXXXXX sysctl: net.ipv4.conf.default.rp_filter = 1
Feb  6 09:43:14 XXXXXXX sysctl: kernel.sysrq = 0
Feb  6 09:43:14 XXXXXXX sysctl: kernel.core_uses_pid = 1
Feb  6 09:43:14 XXXXXXX rc.sysinit: Configuring kernel parameters:  succeeded
Feb  6 09:43:14 XXXXXXX date: Thu Feb  6 09:43:04 CST 2003
Feb  6 09:43:14 XXXXXXX rc.sysinit: Setting clock  (localtime): Thu Feb  6 09:43:04 CST 2003 succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Loading default keymap succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Setting default font (lat0-sun16):  succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Activating swap partitions:  succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Setting hostname XXXXXXX.gableseng.net:  succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Mounting USB filesystem:  succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Initializing USB controller (usb-ohci):  succeeded
Feb  6 09:43:14 XXXXXXX fsck: /: clean, 24809/192000 files, 71937/383544 blocks
Feb  6 09:43:14 XXXXXXX rc.sysinit: Checking root filesystem succeeded
Feb  6 09:43:14 XXXXXXX rc.sysinit: Remounting root filesystem in read-write mode:  succeeded
Feb  6 09:43:15 XXXXXXX rc.sysinit: Finding module dependencies:  succeeded
Feb  6 09:43:15 XXXXXXX fsck: /boot: recovering journal
Feb  6 09:43:15 XXXXXXX fsck: /boot: clean, 71/20160 files, 36316/80325 blocks
Feb  6 09:43:15 XXXXXXX fsck: /home: recovering journal
Feb  6 09:43:15 XXXXXXX fsck: /home: clean, 24/262144 files, 16463/524112 blocks
Feb  6 09:43:15 XXXXXXX fsck: /tmp: recovering journal
Feb  6 09:43:15 XXXXXXX fsck: /tmp: clean, 300/130560 files, 28125/522081 blocks
Feb  6 09:43:15 XXXXXXX fsck: /usr: recovering journal
Feb  6 09:43:16 XXXXXXX fsck: /usr: clean, 175404/1089152 files, 877951/2176799 blocks
Feb  6 09:43:16 XXXXXXX fsck: /var: recovering journal
Feb  6 09:43:17 XXXXXXX fsck: /var: clean, 1988/2752512 files, 133164/5498246 blocks
Feb  6 09:43:17 XXXXXXX rc.sysinit: Checking filesystems succeeded
Feb  6 09:43:17 XXXXXXX rc.sysinit: Mounting local filesystems:  succeeded
Feb  6 09:43:17 XXXXXXX rc.sysinit: Enabling local filesystem quotas:  succeeded
Feb  6 09:43:18 XXXXXXX rc.sysinit: Enabling swap space:  succeeded
Feb  6 09:43:20 XXXXXXX init: Entering runlevel: 5
Feb  6 09:43:20 XXXXXXX kudzu: Updating /etc/fstab succeeded
Feb  6 09:43:30 XXXXXXX kudzu:  succeeded
Feb  6 09:43:30 XXXXXXX sysctl: net.ipv4.ip_forward = 0
Feb  6 09:43:30 XXXXXXX sysctl: net.ipv4.conf.default.rp_filter = 1
Feb  6 09:43:30 XXXXXXX sysctl: kernel.sysrq = 0
Feb  6 09:43:30 XXXXXXX sysctl: kernel.core_uses_pid = 1
Feb  6 09:43:30 XXXXXXX network: Setting network parameters:  succeeded
Feb  6 09:43:30 XXXXXXX network: Bringing up loopback interface:  succeeded
Feb  6 09:43:34 XXXXXXX network: Bringing up interface eth0:  succeeded
Feb  6 09:43:34 XXXXXXX network: Bringing up interface eth1:  succeeded
Feb  6 09:43:39 XXXXXXX ifup: RTNETLINK answers: File exists
Feb  6 09:43:39 XXXXXXX network: Bringing up interface eth2:  succeeded
Feb  6 09:43:41 XXXXXXX ifup: RTNETLINK answers: File exists
Feb  6 09:43:41 XXXXXXX network: Bringing up interface eth3:  succeeded
Feb  6 09:43:45 XXXXXXX xinetd: xinetd startup succeeded
Feb  6 09:43:46 XXXXXXX gpm: gpm startup succeeded
Feb  6 09:43:47 XXXXXXX httpd: httpd startup succeeded
Feb  6 09:43:48 XXXXXXX crond: crond startup succeeded
Feb  6 09:43:49 XXXXXXX xfs: listening on port 7100
Feb  6 09:43:49 XXXXXXX xfs: xfs startup succeeded
Feb  6 09:43:49 XXXXXXX anacron: anacron startup succeeded
Feb  6 09:43:49 XXXXXXX atd: atd startup succeeded
Feb  6 09:43:49 XXXXXXX xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/CID (unreadable)
Feb  6 09:43:49 XXXXXXX xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/local (unreadable)
Feb  6 09:43:49 XXXXXXX xfs: ignoring font path element /usr/X11R6/lib/X11/fonts/latin2/Type1 (unreadable)
Feb  6 09:43:49 XXXXXXX rhnsd[1260]: Red Hat Network Services Daemon starting up.
Feb  6 09:43:49 XXXXXXX rhnsd: rhnsd startup succeeded
Feb  6 09:43:50 XXXXXXX kernel: tg3: eth1: Link is up at 100 Mbps, half duplex.
Feb  6 09:43:50 XXXXXXX kernel: tg3: eth1: Flow control is off for TX and off for RX.
Feb  6 09:43:50 XXXXXXX modprobe: modprobe: Can't locate module char-major-10-134
Feb  6 09:43:51 XXXXXXX kernel: mtrr: type mismatch for fd000000,800000 old: uncachable new: write-combining
Feb  6 09:43:51 XXXXXXX kernel: mtrr: type mismatch for fd000000,800000 old: uncachable new: write-combining
Feb  6 09:43:51 XXXXXXX modprobe: modprobe: Can't locate module char-major-81
Feb  6 09:46:58 XXXXXXX ntpd[920]: kernel time discipline status change 41
Feb  6 12:10:16 XXXXXXX kernel: device eth1 entered promiscuous mode
Feb  6 12:10:16 XXXXXXX kernel: device eth1 left promiscuous mode
Feb  6 12:10:16 XXXXXXX kernel: device eth1 entered promiscuous mode
Feb  6 12:10:16 XXXXXXX snort: WARNING: OpenPcap() device eth1 network lookup:  ^Ieth1: no IPv4 address assigned
Feb  6 12:10:16 XXXXXXX snort: Initializing daemon mode
Feb  6 12:10:16 XXXXXXX snort: PID path stat checked out ok, PID path set to /var/run/
Feb  6 12:10:16 XXXXXXX snort: Writing PID "1770" to file "/var/run//snort_eth1.pid"
Feb  6 12:10:16 XXXXXXX snort: http_decode arguments:
Feb  6 12:10:16 XXXXXXX snort:     Unicode decoding
Feb  6 12:10:16 XXXXXXX snort:     IIS alternate Unicode decoding
Feb  6 12:10:16 XXXXXXX snort:     IIS double encoding vuln
Feb  6 12:10:16 XXXXXXX snort:     Flip backslash to slash
Feb  6 12:10:16 XXXXXXX snort:     Include additional whitespace separators
Feb  6 12:10:16 XXXXXXX snort:     Ports to decode http on: 80
Feb  6 12:10:16 XXXXXXX snort: rpc_decode arguments:
Feb  6 12:10:16 XXXXXXX snort:     Ports to decode RPC on: 111 32771
Feb  6 12:10:16 XXXXXXX snort: telnet_decode arguments:
Feb  6 12:10:16 XXXXXXX snort:     Ports to decode RPC on: 111 32771
Feb  6 12:10:16 XXXXXXX snort: telnet_decode arguments:
Feb  6 12:10:16 XXXXXXX snort:     Ports to decode telnet on: 21 23 25 119
Feb  6 12:10:16 XXXXXXX snort: Conversation Config:
Feb  6 12:10:16 XXXXXXX snort:    KeepStats: 0
Feb  6 12:10:16 XXXXXXX snort:    Conv Count: 32000
Feb  6 12:10:16 XXXXXXX snort:    Timeout   : 60
Feb  6 12:10:16 XXXXXXX snort:    Alert Odd?: 0
Feb  6 12:10:16 XXXXXXX snort:    Allowed IP Protocols:
Feb  6 12:10:16 XXXXXXX snort:  All
Feb  6 12:10:16 XXXXXXX snort:
Feb  6 12:10:16 XXXXXXX snort: Portscan2 config:
Feb  6 12:10:16 XXXXXXX snort:     log: /var/log/snort/scan.log
Feb  6 12:10:16 XXXXXXX snort:     scanners_max: 3200
Feb  6 12:10:16 XXXXXXX snort:     targets_max: 5000
Feb  6 12:10:16 XXXXXXX snort:     target_limit: 5
Feb  6 12:10:16 XXXXXXX snort:     port_limit: 20
Feb  6 12:10:16 XXXXXXX snort:     timeout: 60
Feb  6 12:10:16 XXXXXXX snort: Snort initialization completed successfully, Snort running
Feb  6 12:46:33 XXXXXXX sshd(pam_unix)[1818]: session opened for user root by (uid=0)

***********************
Snort.conf for eth1
***********************
#-------------------------------------------------------------------------------
# Snort Configuration file for < IDS_Sensor >
# Created with SnortCenter v0.9.6 < http://users.pandora.be/larc/ >
# $Id: snort.conf, Monday 03rd of February 2003 05:21:40 PM
#-------------------------------------------------------------------------------
var HOME_NET [XXX.XXX.XXX.XXX/24]
var EXTERNAL_NET any
var HTTP_PORTS 80
var SHELLCODE_PORTS !80
var ORACLE_PORTS 1521
var AIM_SERVERS [64.12.24.0/24,64.12.25.0/24,64.12.26.14/24,64.12.28.0/24,64.12.29.0/24,64.12.161.0/24,64.12.163.0/24,2$
var RULE_PATH ../rules
var TELNET_SERVERS $HOME_NET
var SQL_SERVERS $HOME_NET
var HTTP_SERVERS $HOME_NET
var SMTP_SERVERS $HOME_NET
var DNS_SERVERS $HOME_NET
#
preprocessor frag2
preprocessor stream4: detect_scans, disable_evasion_alerts
preprocessor stream4_reassemble
preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
preprocessor rpc_decode: 111 32771
preprocessor bo: -nobrute
preprocessor telnet_decode
preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000
preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5, port_limit 20, timeout 60
#
output database: log, mysql, user=XXX password=XXX dbname=XXX host=localhost

**********************
ifconfig results:
**********************
eth0      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX
          inet addr:XXX.XXX.XXX.XXX  Bcast:XXX.XXX.XXX.XXX  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10591 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7406 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:1379999 (1.3 Mb)  TX bytes:3393426 (3.2 Mb)
          Interrupt:28

eth1      Link encap:Ethernet  HWaddr XX:XX:XX:XX:XX
          UP BROADCAST RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:355225 errors:12 dropped:0 overruns:0 frame:6
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:177448379 (169.2 Mb)  TX bytes:0 (0.0 b)
          Interrupt:29

eth2      Link encap:Ethernet  HWaddr 00:60:08:F5:F5:C6
          inet addr: XX:XX:XX:XX:XX Bcast: XX:XX:XX:XX:XX Mask:255.255.255.0
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:168 (168.0 b)
          Interrupt:16 Base address:0x4000

eth3      Link encap:Ethernet  HWaddr 00:60:08:F5:F6:06
          inet addr: XX:XX:XX:XX:XX Bcast: XX:XX:XX:XX:XX Mask:255.255.255.0
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:168 (168.0 b)
          Interrupt:20

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:158 errors:0 dropped:0 overruns:0 frame:0
          TX packets:158 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:30000 (29.2 Kb)  TX bytes:30000 (29.2 Kb)





