Snort mailing list archives

Re: Snort Daemon dying unexpectedly


From: "Lay, James" <james.lay () wincofoods com>
Date: Thu, 22 Sep 2011 08:20:27 -0600

From: Russ Combs [mailto:rcombs () sourcefire com] 
Sent: Thursday, September 22, 2011 8:10 AM
To: Dheeraj Gupta
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort Daemon dying unexpectedly

Snort 2.9.1 is the latest version.  Any chance you can upgrade and let us know how that goes?

http://www.snort.org/snort-downloads

On Thu, Sep 22, 2011 at 1:12 AM, Dheeraj Gupta <dheeraj.gupta4 () gmail com> wrote:
Hi,
I am running snort-2.9.0.5 on a modest two core desktop machine. Snort sees a lot of organizational traffic (most of it at 100Mbits/s). Recently, I have seen that the snort daemon dies unexpectedly and has to be restarted. The messages logged in /var/log/messages for such unexpected exits are -

Sep 20 12:56:06 testids kernel: snort[17379]: segfault at 00002af05c58d000 rip 00002af055454a99 rsp 00007fff1ef4ad38 error 4
Sep 20 12:56:06 testids kernel: device eth0 left promiscuous mode
OR
Sep 21 14:36:33 testids kernel: snort[22062] trap divide error rip:2b6cca32af6d rsp:7fffa228f410 error:0
Sep 21 14:36:33 testids kernel: device eth0 left promiscuous mode
OR
Sep 21 16:28:02 testids kernel: snort[26616] trap divide error rip:2b6bfdefef6d rsp:7fff810332c0 error:0
Sep 21 16:28:02 testids kernel: device eth0 left promiscuous mode

What could be causing these errors (the approximate rate of occurrence is about 1 per day)?




FWIW I got a 2.9.1 segfault earlier this month:
snort[6234]: segfault at 4e73a2f7 ip 080d22e8 sp bfe5a998 error 4 in snort[8048000+118000]

Just the one time though.

James
