Snort mailing list archives
Re: Snort-1.9 on OBSD-3.2
From: Erek Adams <erek () snort org>
Date: Tue, 28 Jan 2003 09:47:13 -0500 (EST)
On Tue, 28 Jan 2003 bthaler () webstream net wrote:
> Here's some more detail:
>
> Command Line = /usr/local/bin/snort -c /etc/snort/snort.conf -i xl0 -D
> (same as Snort-1.8.7)
>
> Here's my preprocessors (pretty much default, as I haven't tweaked this
> install yet)
>
> preprocessor frag2
> preprocessor stream4: disable_evasion_alerts, ttl_limit 0
> preprocessor stream4_reassemble: noalerts
> preprocessor http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
> preprocessor rpc_decode: 111 32771
> preprocessor conversation: allowed_ip_protocols all, timeout 60, max_conversations 32000
> preprocessor portscan2: scanners_max 3200, targets_max 5000, target_limit 5, port_limit 20, timeout 60
>
> And the output plugin (again this was working fine with Snort-1.8.7)
>
> output database: log, mysql, user=snort dbname=snort password=snort host=10.1.1.3 sensor_name=Webstream
>
> Since my first message, I have built Snort-1.8.7 and it's running
> smoothly (so far).
Well.... I can say this:

    [erek@ghosts]~>uname -a
    OpenBSD ghosts 3.2 GENERIC#25 i386

(yeah, yeah, I know--Build my own :)

    [erek@ghosts]~>snort -V
    Initializing Output Plugins!

    -*> Snort! <*-
    Version 2.0.0beta (Build 49)
    By Martin Roesch (roesch () sourcefire com, www.snort.org)

Works just fine here. :)

What kind of 'crash'? How does it die? Try running it w/o the -D and see what the error happens to be. Does it core? If so can you check the BUGS file and follow those gdb steps? If no core, run it under gdb (check BUGS for exact directions) and see what you can find.

One thing that changed from 1.8.x -> 1.9.x was the amount of memory that Snort uses. Make sure you're not running out of memory. For example:

    load averages: 0.08, 0.08, 0.08 09:42:12
    31 processes: 1 running, 29 idle, 1 stopped
    CPU states: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle
    Memory: Real: 110M/141M act/tot Free: 105M Swap: 0K/1024M used/tot

    PID USERNAME PRI NICE SIZE RES STATE WAIT TIME CPU COMMAND
    16077 root 4 0 98M 98M sleep bpf 0:09 0.29% snort

98M on fairly bored box. Stream4 and Conversation eat tons of ram. Hungry lil' buggers.

Hope that helps!

-----
Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson