Snort mailing list archives

Snort 2.9.11.1 daemon crashes after running for few days (SEGV and Dynamic Rule not initialized properly)


From: Black Lion via Snort-users <snort-users () lists snort org>
Date: Wed, 7 Mar 2018 18:55:32 +0200

Hello

I have recently installed Snort on Ubuntu Server 16.04.4 (Snort version 2.9.11.1
installed from source). I have also set up PulledPork and new snort rules
are downloaded automatically via a cron job. I have noticed that after a
few days of running the Snort daemon, it stops running with the SEGV
status, which I can see by running the 'service snort status' command. I
also noticed that about a minute before Snort crashes, there are a number
of messages showing 'Dynamic Rule [x:y] was not initialized properly'. I
have included the output of the 'service snort status' command below:

● snort.service - Snort NIDS Daemon
   Loaded: loaded (/lib/systemd/system/snort.service; enabled; vendor preset: enabled)
   Active: failed (Result: core-dump) since Fri 2018-03-02 09:10:43 SAST; 2 days ago
  Process: 6098 ExecStart=/usr/local/bin/snort -q -u snort -g snort -c /etc/snort/snort.conf -i eno1 (code=dumped, signal=SEGV)
 Main PID: 6098 (code=dumped, signal=SEGV)

Mar 02 09:10:43 SERVER92537 snort[6098]: Dynamic Rule [3:16533] was not initialized properly.
Mar 02 09:10:43 SERVER92537 snort[6098]: Dynamic Rule [3:26877] was not initialized properly.
Mar 02 09:10:43 SERVER92537 snort[6098]: Dynamic Rule [3:16408] was not initialized properly.
Mar 02 09:10:43 SERVER92537 snort[6098]: Dynamic Rule [3:15912] was not initialized properly.
Mar 02 09:10:43 SERVER92537 snort[6098]: Dynamic Rule [3:7019] was not initialized properly.
Mar 02 09:10:43 SERVER92537 snort[6098]: Dynamic Rule [3:8351] was not initialized properly.
Mar 02 09:10:43 SERVER92537 snort[6098]: Dynamic Rule [3:38834] was not initialized properly.
Mar 02 09:10:43 SERVER92537 systemd[1]: snort.service: Main process exited, code=dumped, status=11/SEGV
Mar 02 09:10:43 SERVER92537 systemd[1]: snort.service: Unit entered failed state.
Mar 02 09:10:43 SERVER92537 systemd[1]: snort.service: Failed with result 'core-dump'.

What could be the reason that the snort service stops running after a few
days?