Snort mailing list archives
Re: odd issue with barnyard2 pid files
From: beenph <beenph () gmail com>
Date: Wed, 9 Feb 2011 00:21:12 -0500
On Tue, Feb 8, 2011 at 10:12 PM, Russell Fulton <r.fulton () auckland ac nz> wrote:
Hi, I have a number of sensors on which I run snort and barnyard2 all are more or less identically configured (configuration pushed out from by a configuration management system -- puppet). On a couple of the sensors the created pid file is empty? which means that barnyard2 does not get shut down gracefully and I get errors on restart about inconsistent cids. Any ideas what might cause this?
[snort@mon263549 ~]$ barnyard2 -V ______ -*> Barnyard2 <*- / ,,_ \ Version 2.1.8 (Build 251) |o" )~| By the SecurixLive.com Team: http://www.securixlive.com/about.php + '''' + (C) Copyright 2008-2010 SecurixLive. Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html (C) Copyright 1998-2007 Sourcefire Inc., et al. [snort@mon263549 ~]$ ls -l run total 8 -rw------- 1 snort snort 0 Feb 1 11:13 barnyard2_dmzo.pid -rw------- 1 snort snort 0 Feb 1 11:13 barnyard2_dmzo.pid.lck -rw-rw-r-- 1 root root 6 Feb 9 15:12 snort_eth1-dmzo.pid -rw-rw-r-- 1 root root 0 Feb 9 15:12 snort_eth1-dmzo.pid.lck 4695 ? Ss 26:07 barnyard2 -c dmzo/conf/barnyard.conf -d /home/snort/data/dmzo/ -l /home/snort/data/dmzo/ -w /home/snort/data/dmzo/checkpoint -i dmzo -f snort.log --pid-path /home/snort/run/ Russell
What do you mean by barnyard2 do not get shut down gracefully? Which tool do you use to control your processes startup and shutdown? Can you output more error on the "inconsistent cid" issue your mentionning? As a side note what are the permission on the parent directory? Thanks, -elz ------------------------------------------------------------------------------ The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- odd issue with barnyard2 pid files Russell Fulton (Feb 08)
- Re: odd issue with barnyard2 pid files beenph (Feb 08)