Snort mailing list archives
Fwd: Re: disable frag3
From: Azfar Hashmi <azfar.hashmi () cloudways com>
Date: Tue, 20 Dec 2011 11:43:52 +0500
-------- Original Message -------- Subject: Re: [Snort-users] disable frag3 Date: Tue, 20 Dec 2011 10:56:50 +0500 From: Azfar Hashmi <azfar.hashmi () cloudways com> To: Snort-users () lists sourceforge net Here is my log, having too many memory fault and some times i see "segfault" error in my logs too. Frag3 statistics: Dec 20 06:30:12 snort[8750]: Total Fragments: 2413767 Dec 20 06:30:12 snort[8750]: Frags Reassembled: 5183 Dec 20 06:30:12 snort[8750]: Discards: 0 Dec 20 06:30:12 snort[8750]: Memory Faults: 18741 Dec 20 06:30:12 snort[8750]: Timeouts: 2 Dec 20 06:30:12 snort[8750]: Overlaps: 0 Dec 20 06:30:12 snort[8750]: Anomalies: 0 Dec 20 06:30:12 snort[8750]: Alerts: 0 Dec 20 06:30:12 snort[8750]: FragTrackers Added: 2407937 Dec 20 06:30:12 snort[8750]: FragTrackers Dumped: 2403849 Dec 20 06:30:12 snort[8750]: FragTrackers Auto Freed: 0 Dec 20 06:30:12 snort[8750]: Frag Nodes Inserted: 2413767 Dec 20 06:30:12 snort[8750]: Frag Nodes Deleted: 2409679
Let me ask the basic question first. Why are you trying to disable
the frag3 preprocessor? I have to do it for trouble-shooting purpose. Snort is crashing daily in load times and I have checked that that time server receiving large number of fragmented packets. If it stop crashing after disabling it then i will enable it after increasing its hardware power. On 12/19/2011 7:53 PM, Joel Esler wrote:
On Dec 19, 2011, at 5:33 AM, Azfar Hashmi wrote:I am trying to disable frag3 preprocessor but snort giving me an error that "invalid frag3 global option (disabled)" What I am doing wrong.
------------------------------------------------------------------------------ Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- disable frag3 Azfar Hashmi (Dec 19)
- Re: disable frag3 Joel Esler (Dec 19)
- Re: disable frag3 Azfar Hashmi (Dec 19)
- Fwd: Re: disable frag3 Azfar Hashmi (Dec 19)
- Re: Fwd: Re: disable frag3 Joel Esler (Dec 20)
- Re: Fwd: Re: disable frag3 Azfar Hashmi (Dec 23)
- Re: Fwd: Re: disable frag3 Joel Esler (Dec 23)
- Re: disable frag3 Azfar Hashmi (Dec 19)
- Re: disable frag3 Joel Esler (Dec 19)