Snort mailing list archives

Re: snort 2.8.2.1 stops logging after 1 minute...


From: "Frank Reid" <fcreid () ourcorner org>
Date: Wed, 16 Jul 2008 15:03:55 -0400

Yes to all.  On FreeBSD 6.3-STABLE with the Snort 2.8.2.X from the FreeBSD
ports tree, I have the same issues even with just a minimum Snort "stock"
rule set enabled.  It logs to MySQL no longer than an hour, and usually
stops logging within minutes after starting.  It then consumes the entire
CPU until I kill -9 the process.  I downloaded and built a binary from the
previous 2.8.1 code base, and it's been running now for weeks without a
hiccup using the complete Snort rule set as well as the Emerging Threats
"ALL" rules (less a few I culled for my specific needs).  I have been
running Snort on FreeBSD forever (since 1.X code), and this is the first
time I've had a problem of this magnitude.  So, until someone can figure out
what's going on with 2.8.2, I'm stuck in the 2.8.1 world.


Frank

 

  _____  

From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of craig
Sent: Wednesday, July 16, 2008 1:47 PM
To: JJ Cummings
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] snort 2.8.2.1 stops logging after 1 minute...

 


 


On Wed, 2008-07-16 at 13:32 -0400, JJ Cummings wrote: 

 
Any other bizarre behavior... i.e. high cpu usage during non-logging.. 
high mem usage etc etc...
 

Not that I can see:

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
21726 snort   16   0  539m 474m 2184 S  9.7 23.6   0:27.04 snort   

The process averages on +- 10% CPU and occasionally spikes to 99%. hmm,
maybe I should roll back to 2.8.0 like Brent did and see if that helps. This
is the first time in my experience with snort that it does something like
this. 




 
J
 
Erickson, Brent W CIV NAVSEA KPWA wrote:
Hello List and Craig,

Hi Brent :) 

 

I have the same problem when running Snort 2.8.2.1 in binary dump mode.

So I dropped back to Snort 2.8.0

And I still have not figured out the problem.

Anyone have any ideas?

Brent Erickson
 

-----Original Message-----
From: snort-users-bounces () lists sourceforge net
[mailto:snort-users-bounces () lists sourceforge net] On Behalf Of craig
Sent: Wednesday, July 16, 2008 7:48
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort 2.8.2.1 stops logging after 1 minute...

Hi List,

I have an installation running 2.8.2.1 that stops logging to the database
and log file after about 1 minute of starting up.

Has anyone experienced the same problem yet or have some advice as to
where I can start looking for what might be the cause?

Thanks

Craig 

 
  