Re: Snort dies after a few days.

[Phil Wood <cpw () lanl gov>]

There has been a discussion on the tcpdump.org list that indicates that RH 7.2
is broken in regards to libpcap and packet timestamps.  You might want to
upgrade your kernel to 2.4.18 (www.kernel.org).

[not for the uninitiated.]

PS: If you make sure that your snort environment is providing "core" dumps,

      prompt: ulimit -c 10000000
    
    prior to starting snort, and you have a snort compiled with '-g', then
    you could send information to the list that would be helpful.  See:

      BUGS

Later, 

On Mon, Mar 25, 2002 at 09:56:25AM +0100, Emilio Mira Alfaro wrote:
> I'm using snort 1.8.4-beta4 I compiled with mysql and flexresp
> support, libpcap 0.7.1, on RH 7.2 and it's listening from an ATM
> interface. It's running ok, but after a few days, it dies for some
> unknown reason. In /var/log/messages I get:
>
> Mar  24 10:40:57 abc snort: Snort received signal 15, exiting
> Mar  24 10:40:57 abc kernel: device atm0 left promiscuous mode
>
> I recently updated RH 6.2 to RH 7.2 and snort 1.8.2 to 1.8.4-beta4.
> When I worked with RH 6.2 and snort 1.8.2 I hadn't this problem.
>
> Any ideas?
>
> Thanks in advance. 
>
> --
> Emilio Mira
> e-mail: emial () alumni uv es
>
>
>
>
>
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list

-- 
Phil Wood, cpw () lanl gov


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users