Snort mailing list archives
Re: Snort Runs But Stops Working
From: "Cynthia Leonard (cyleonar)" <cyleonar () cisco com>
Date: Mon, 1 Jun 2015 16:19:44 +0000
Did you try attaching gdb to Snort in that state and check what Snort is doing at that point of time? -Cynthia -----Original Message----- From: Cloherty, Sean E [mailto:scloherty () mitre org] Sent: Monday, June 01, 2015 5:58 PM To: snort-users () lists sourceforge net. Subject: [Snort-users] Snort Runs But Stops Working I have a situation where a number of Snort 2.9.7.3 instances which run perfectly well for long periods (days or weeks) and then stop alerting for no apparent reason. I run a script daily which sends pcap over the listening interface and causes a rule to fire off an alert. When a host goes without a test alert in 24 hours, I check by running it manually on that host. In these instances, Snort is always still listed when I run ps. However, the most recent merged.log files will be 0 bytes when should increment up for each test I run. If I kill the process, it sometimes will shut down after a LONG wait, but more often than not it doesn't and I do a kill -9. Upon restarting Snort, everything runs normally again. I am looking for any ideas on troubleshooting . Thanks. ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news! ------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Snort Runs But Stops Working Cloherty, Sean E (Jun 01)
- Re: Snort Runs But Stops Working Cynthia Leonard (cyleonar) (Jun 01)
- Re: Snort Runs But Stops Working Cloherty, Sean E (Jun 01)
- <Possible follow-ups>
- Re: Snort Runs But Stops Working Carter Waxman (cwaxman) (Jun 04)
- Re: Snort Runs But Stops Working Cloherty, Sean E (Jun 08)
- Re: Snort Runs But Stops Working Carter Waxman (cwaxman) (Jun 16)
- Re: Snort Runs But Stops Working Cynthia Leonard (cyleonar) (Jun 01)