Snort mailing list archives

Snort 1.7 dies on OpenBSD 2.9 after some time.


From: Johan Simon Seland <johans () netfonds no>
Date: 20 Jun 2001 14:28:16 +0200

Hello.

I am in the process of deploying snort at my company. It will run on a
dedicated snort box, and it will listen to both the inside and the
outside of our first firewall.

I compiled snort from the OpenBSD ports collection, downloaded the
current ruleset from www.snort.org and started one process on each
interface with:

snort -Afull -o -i xl2 -l /var/log/snort2 -c /etc/snort/snort.conf -D
snort -Afull -o -i xl0 -l /var/log/snort0 -c /etc/snort/snort.conf -D

After about 40 minutes the process listening to xl2 died. The process
on xl0 (which is outside the FW and thus has more traffic) has been
running for a few hours. Yesterday I had only the process on xl0
going, and it died after a few hours.

The logfiles show a lot of:

Jun 20 12:59:13 kiko snort: [!] ERROR: Cannot allocate fragment buffer(usage 0x133140B4)

But not around the time of the process dying.

The machine is an Intel P3 600MHz with 128MB RAM, 3 NICs.

This machine has previously been used as a workstation, and I don't
think the memory is corrupt (but one never knows).


--
Regards
Johan Seland
Programmer
Net Fonds ASA
