Snort mailing list archives
RE: Snort - ACID - MySQL - My Head Ache
From: <snort () xiata com>
Date: Mon, 24 Mar 2003 14:05:06 -0500 (EST)
Hi Michael,

This is a copy-paste of more or less the same answer I posted earlier. I sent the original under an address other than the one that I subscribe to the list with... Anyhow, here it is. Nothing more.

The application event log gives me the same as the XML garbage does. It is the snort service that stops. MySQL keeps on trucking like nothing is bothering it. Here is the event log entry (*2):

744,Application,Application Error,ERROR,XiataSNORT,Sun Mar 23 18:05:47 2003,1000,None,Faulting application snort.exe, version 0.0.0.0, faulting module snort.exe, version 0.0.0.0, fault address 0x0001fc6c.

743,Application,Application Error,ERROR,XiataSNORT,Sun Mar 23 17:57:42 2003,1000,None,Faulting application snort.exe, version 0.0.0.0, faulting module snort.exe, version 0.0.0.0, fault address 0x0001fc6c.

As you can see, there is not much to go from there. The comma-delimited stuff breaks down like this:

Event #, <Ignore>, <Ignore>, Type of Event, Event Header, HostName, Date/time, Event ID, Category, Event Data

Attached is my snort.conf, with changes to IPs & MySQL user & pass to protect the innocent. Not that I changed much in it. The HomeNet is defined with real IPs in the same manner as the line suggests.

I have no other info on this, so I know that I am grasping a bit much to even hope to resolve this problem, but I thought I would ask. Unless there is some way to dump extra data about how the snort service dies. I did a search on Google & the MSKB for 0x0001fc6c but came up empty-handed.

If it helps any, I installed this in February in a lab and had no problems. The moment I moved it to production (different IP address & location being the _only_ difference) it started to have problems.

The initial set of instructions that I used were from Cnet Asia (http://www.asia.cnet.com/itmanager/specialreports/printfriendly.htm?AT=39092892-39006603t-39000240c) and then I revised them w/ the ones from SiliconDefense.com to try to clear up the problems I was having after the move to production (same as noted above. So the updates had no effect on resolving the issue).

Carlos
Carlos,

What error message are you receiving in your Event logs? Did the error occur in the System or Application log?

Why are you doing anything with LibnetNT.dll? This library is not required in the configuration you described, unless you selected to use FlexRESP on the way in, and if that is the case, then reset snort without FlexRESP and try that.

-Michael

Michael Steele | System Engineer / Support Technician
mailto:michaels () silicondefense com
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org
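One way to triage exported event-log lines like the two quoted in the message above, as an added example that is not part of the original thread: it splits each line on the first eight commas so the free-text event data keeps its own commas, then groups "Faulting application" entries by module and fault address to show whether a sensor keeps dying at the same place. The field names are assumptions read off the sample lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# First two lines are the entries quoted in the message; the third is a
# constructed non-crash line showing that unrelated events are skipped.
SAMPLE = (
    "744,Application,Application Error,ERROR,XiataSNORT,Sun Mar 23 18:05:47 2003,"
    "1000,None,Faulting application snort.exe, version 0.0.0.0, faulting module "
    "snort.exe, version 0.0.0.0, fault address 0x0001fc6c.\n"
    "743,Application,Application Error,ERROR,XiataSNORT,Sun Mar 23 17:57:42 2003,"
    "1000,None,Faulting application snort.exe, version 0.0.0.0, faulting module "
    "snort.exe, version 0.0.0.0, fault address 0x0001fc6c.\n"
    "742,Application,ExampleSource,INFORMATION,XiataSNORT,Sun Mar 23 17:50:00 2003,"
    "1,None,Constructed sample line, not from the message.\n"
)

FAULT = re.compile(
    r"Faulting application (?P<app>[^,]+), version [^,]+, "
    r"faulting module (?P<module>[^,]+), version [^,]+, "
    r"fault address (?P<addr>0x[0-9a-fA-F]+)"
)

def parse_line(line):
    """Split one exported line into nine fields (names are assumed)."""
    parts = line.strip().split(",", 8)  # the ninth field keeps its commas
    if len(parts) != 9:
        return None
    number, log, source, level, host, when, event_id, category, data = parts
    try:
        stamp = datetime.strptime(when, "%a %b %d %H:%M:%S %Y")
    except ValueError:
        return None  # malformed timestamp: skip rather than guess
    return {"number": number, "log": log, "source": source, "level": level,
            "host": host, "when": stamp, "event_id": event_id,
            "category": category, "data": data}

def crash_summary(text):
    """Map (application, module, fault address) to count and first/last time."""
    groups = defaultdict(list)
    for line in text.splitlines():
        event = parse_line(line)
        match = FAULT.search(event["data"]) if event else None
        if match:
            key = (match["app"], match["module"], match["addr"].lower())
            groups[key].append(event["when"])
    return {key: {"count": len(times), "first": min(times), "last": max(times)}
            for key, times in groups.items()}
```

A single key with a growing count means every crash lands at the same offset in the same module, which points at one repeatable code path rather than random instability.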