Snort mailing list archives
Re: Fw: [HELP] snort stop processing on "Initializing rule chains" issue
From: Joel Esler <joel.esler () sourcefire com>
Date: Sat, 29 Dec 2007 08:38:13 -0500
You should try not running it in console mode, run it in daemon mode. How many rules do you have enabled? Please post your snort.conf file as I asked before. -- Joel Esler joel.esler () sourcefire com On Dec 28, 2007, at 11:29 PM, Rachmat Hidayat Al-Anshar wrote:
Ow, I have a wrong understanding about this, before I was thinking that Snort stuck its process because of RAM lacking. How is it Joel, the snort machine still stuck??? Now I using 768 MB of memory :'(( Help meee... Thanks Rachmat Hidayat Al Anshar ----- Forwarded Message ---- From: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02 () yahoo com> To: snort <Snort-users () lists sourceforge net> Sent: Saturday, December 29, 2007 10:58:06 AMSubject: Re: [Snort-users] [HELP] snort stop processing on "Initializing rule chains" issue<rachmat_hidayat_02 () yahoo com> wrote: > Now I am using 512 MB of RAM and Snort still stuck on the road... > after Not Using PCAP_FRAMES... What do you mean by stuck on the road ? Can you give us a screenshot of Snort running on your computer ?Snort stuck its process, there is no any clue or message at all for this issue. I am using TSL for snort box, and I using the default env. (without xserver) I can't capture any screenshot, (i didn't also remote it using ssh (^^!))- Have you test your Snort installation first to test all your rules, using -t (if I am not mistaken) ? Yes indeed, I have test it using this following command: snort -c /etc/snort/snort.conf -T - Are you using Snort as a Daemon ? Nope, for a first shake its run with this following command snort -c /etc/snort/snort.conf -A console -K ascii so I can notice what was snort done to console. - Are there any traffic on your network that is monitored by Snort ? Nope, because my snort was hanging around the process, there is no packets was detected, even for a small parts. Just like Joel says, that my box was lack of memory, now I am trying to use 1 GB of memory :) Thanks for your response Tedi :) Happy days... Rachmat Hidayat Al Anshar -- cheers, tedi Blog : http://theriyanto.wordpress.com Website : http://tedi.heriyanto.net You Need More Than Awareness : Stay Alert! Never miss a thing. Make Yahoo your homepage.Be a better friend, newshound, and know-it-all with Yahoo! Mobile. Try it now .-------------------------------------------------------------------------This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [HELP] snort stop processing on "Initializing rule chains" issue, (continued)
- Re: [HELP] snort stop processing on "Initializing rule chains" issue Rachmat Hidayat Al-Anshar (Dec 26)
- Re: [HELP] snort stop processing on "Initializing rule chains" issue Joel Esler (Dec 27)
- Re: [HELP] snort stop processing on "Initializing rule chains" issue Rachmat Hidayat Al-Anshar (Dec 27)
- Re: [HELP] snort stop processing on "Initializing rule chains" issue Tedi Heriyanto (Dec 28)
- Re: [HELP] snort stop processing on "Initializing rule chains" issue Joel Esler (Dec 28)
- Re: [HELP] snort stop processing on "Initializingrule chains" issue Arif Basha (Dec 28)
- Re: [HELP] snort stop processing on "Initializingrule chains" issue Tedi Heriyanto (Dec 28)
- Re: [HELP] snort stop processing on "Initializingrule chains" issue Joel Esler (Dec 29)
- Re: Fw: [HELP] snort stop processing on "Initializing rule chains" issue Joel Esler (Dec 29)