Snort is going down sometimes...

[Marcin Zurakowski <marcin () interfirma pl>]

Hi,

I've found is my messages something like this:

Jul 23 11:20:00 nat CROND[8995]: (root) CMD (   /sbin/rmmod -as)
Jul 23 11:20:03 nat kernel: VM: killing process snort
Jul 23 11:20:03 nat kernel: device eth0 left promiscuous mode

Configuration:
- RH7.0
- kernel 2.2.19 with openwall patch
- snort-1.8.1-beta3 installed from tarball ( I had the same problem with
  snort 1.7 and snort-1.8p1-0.i386.rpm)
- command line: /usr/sbin/snort -u snort -g snort -d -D \
                -i eth0 -l /var/log/snort -c /etc/snort/snort.conf
- configuration file

--------------------------------------------------------------------------
######### NETWORK

var INTERNAL [192.168.1.1/32]
var IGNORE [192.168.1.1/32]
var EXTERNAL !$INTERNAL

# add preprocessors here
preprocessor defrag
preprocessor stream2: timeout 23, ports 21 23 25 80 110 143, maxbytes
16384
preprocessor telnet_decode
preprocessor http_decode: 80 2301
preprocessor rpc_decode: 111
preprocessor bo: -nobrute
preprocessor portscan: $INTERNAL 5 5 portscan.log
preprocessor portscan-ignorehosts: $IGNORE

....

and vision rules
---------------------------------------------------------------------------


-- 

Marcin Zurakowski

InterFirma Administrator



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users