Snort mailing list archives
Re: snort 1.8.1 dies
From: Martin Roesch <roesch () sourcefire com>
Date: Fri, 26 Oct 2001 18:18:24 -0400
We need more information. Command line switches, any error messages that Snort is generating, etc. If you're running in daemon mode, try running in normal mode and see if it gives you an error message or a core file, and if it does back trace it for us. Check the BUGS file for more info on what we're looking for. -Marty Philipp Snizek wrote:
Hi all, I've installed snort 1.8.1 on a p133 with 48mb ram, linux kernel 2.4.4. The only log entries I've got are Oct 25 12:36:39 mx kernel: device eth1 left promiscuous mode Oct 26 18:12:44 mx kernel: device eth1 left promiscuous mode and then snort dies. Config is the following: var HOME_NET ip.address.of.host/32 var EXTERNAL_NET network.address/subnetmask var SMTP ip.address.of.host/32 var HTTP_SERVERS $HOME_NET var DNS_SERVERS ip.address.of.host/32 include bad-traffic.rules include exploit.rules include scan.rules #include finger.rules #include ftp.rules #include telnet.rules include smtp.rules include rpc.rules include rservices.rules include dos.rules include ddos.rules include dns.rules #include tftp.rules include web-cgi.rules include web-coldfusion.rules include web-frontpage.rules include web-iis.rules include web-misc.rules #include sql.rules #include x11.rules include icmp.rules #include netbios.rules include misc.rules include attack-responses.rules # include backdoor.rules # include shellcode.rules # include policy.rules # include info.rules # include icmp-info.rules # include virus.rules include local.rules I've never experienced this problem before with previous snort version on other systems although I had a similar amount of rules running. I'm grateful for every tip to solve this problem. Philipp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- snort 1.8.1 dies Philipp Snizek (Oct 26)
- Re: snort 1.8.1 dies Martin Roesch (Oct 27)
- AW: snort 1.8.1 dies Philipp Snizek (Oct 31)
- Re: snort 1.8.1 dies Martin Roesch (Oct 27)