Snort mailing list archives

Problem initializing SNORT


From: "Manuel Humberto Santander Pelaez" <msantand () palmiferousinc com>
Date: Mon, 23 Jul 2001 12:45:44 -0500

Hello.

I just installed snort within a switched environment with two NICs, one of 
them without an IP address. When I try to start up snort, it shows me a single, 
sometimes two, traffic messages before dying with the following message:

-*> Snort! <*-
Version 1.8-RELEASE (Build 43)
By Martin Roesch (roesch () sourcefire com, www.snort.org)
exhausted all 0 blocks of 1 treeroots; exiting; you might want to increase 
DEFAULT_MAX_ROOT_BLOCKS or DEFAULT_ROOT_BLOCK_SIZE in params.h
next free root: 0; int: 0, leaf: 0

Does anyone know what I'm doing wrong?

This is the initialization log:

[root@nids /root]# snort -c /etc/snort/snort.conf -i eth1

        --== Initializing Snort ==--
Checking PID path...
PATH_VARRUN is set to /var/run/ on this operating system

Initializing Network Interface eth1
WARNING: OpenPcap() device eth1 network lookup:
        eth1: no IPv4 address assigned
Decoding Ethernet on interface eth1
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
No arguments to stream4 directive, setting defaults to:
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    Stateful Inspection: ACTIVE
    Stream Reassembly: INACTIVE
    Stream Stats: INACTIVE
    State Alerts: ACTIVE
No arguments to stream4_reassemble, setting defaults:
     Reassemble client: ACTIVE
     Reassemble server: INACTIVE
     Reassemble ports: 21 23 25 53 80 143 110 111 513
     Reassembly alerts: ACTIVE
Back Orifice detection brute force: DISABLED
Using LOCAL time
Anomoly sensor threshold adapting repeadly specified, ignoring later 
specification: 0.01 15 4 24 7
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = root
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = nids
database:     sensor id = 1
database: schema version = 103
database: using the "log" facility
database: compiled support for ( mysql )
database: configured to use mysql
database:          user = root
database: password is set
database: database name = snort
database:          host = localhost
database:   sensor name = nids
database:     sensor id = 1
database: schema version = 103
database: using the "alert" facility
919 Snort rules read...
919 Option Chains linked into 150 Chain Headers
0 Dynamic rules
+++++++++++++++++++++++++++++++++++++++++++++++++++

Rule application order: ->activation->dynamic->alert->pass->log

        --== Initialization Complete ==--

