Snort mailing list archives

Previous By Date Next
Previous By Thread Next

snort 1.9 keeping fds open after SIGHUP

From: Michael Scheidell <scheidell () secnap net>
Date: Thu, 28 Nov 2002 19:20:40 -0500 (EST)
Snort 1.9, compiled with flex resp keeps fds open after SIGHUP.
happens on FBSD 4.7-STABLE, compiled with flex resp.

Have snort 1.9 on FBSD 3.51 without flex resp and only see the syslog
socket.

(is flex resp on 1.9 holding open a fd that it is not releasing on
SIGHUP? or is there something in FBSD 4.7?

start snort:
/usr/local/bin/snort -doDI -m 022 -z \
-c /etc/snort/snort_wan.conf -l /var/log/snort_wan

sockstat | grep snort
root     snort    33180   10 ip64   *:*                   *:*
root     snort    33180    4 dgram  syslogd[67]:3

uses two sockets.

send sighup and check fds.

kill -HUP `cat /var/run/snort_fxp1.pid`

sockstat | grep snort
root     snort    33180   10 ip64   *:*                   *:*
root     snort    33180   12 ip64   *:*                   *:*
root     snort    33180    4 dgram  syslogd[67]:3

now using three sockets
each sighup uses an additional socket.

-- 
Michael Scheidell, CEO
SECNAP Network Security, LLC 
Sales: 866-SECNAPNET / (1-866-732-6276)
Main: 561-368-9561 / www.secnap.net
Looking for a career in Internet security?
http://www.secnap.net/employment/


-------------------------------------------------------
This SF.net email is sponsored by: Get the new Palm Tungsten T 
handheld. Power & Color in a compact size! 
http://ads.sourceforge.net/cgi-bin/redirect.pl?palm0002en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: