Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort dies and leaves no reason why, Any ideas?

From: John Sage <jsage () finchhaven com>
Date: Mon, 10 Dec 2001 17:17:48 -0800
um..

Neither -d nor -D have anything to do with debug mode.
At the risk of appearing a trifle harsh, I'd like to suggest, at the very least, that you try man snort, and find out what they *do* do... 


As far as debugging:

Hints:
To build debugging-enabled snort:

make distclean; ./configure --enable-debug; make

To debug some particular part of snort functionality:

export SNORT_DEBUG=<debuglevel> and run snort. See debug.h file
for details on debugging levels. (those could be combined, f.e.
if you want to see IP and TCP/UDP related info: debuglevel would
be: IPdebuglevel + TCPUDPdebuglevel)


This is from BUGS in the snort distro directory..


Somehow I'm not sure this is what you're really doing, however..

INSTALL states "...bug reports and developers only..."



- John



Wayne Ringling wrote:


I setup a new SuSE 7.3 i386 box (actually it's a PII 333, 256meg ram, 2
20gig hd's, 2 Accton 1207D Fast-ethernet cards).

 Now I set up eth0 for internal network (but have yet to plug a cable
into it)
 Then I set up eth1 for external network and installed a receive only
eth cable as the how says to run is stealth mode.
Ok, now software stuff. Kernel is a 2.4.10, snort is version1.8.1. Both are stock from the SuSE cd. Now I set up snort and start it and it 
will run for a while (last time 2 days approx.) then in
/var/log/messages I see eth1: left promiscous mode.  And that's it.  I
have searched for core files and all the other logs are clean.

 I am now running snort in debug mode hoping that I will get some info
on the screen why it is stoping by itself. I presume I should run it
with -d instead of -D correct for debug mode?
Wayne 




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: