Snort mailing list archives
Re: Snort 1.9.0 Hard Crashes/Lockups
From: Erek Adams <erek () snort org>
Date: Thu, 6 Feb 2003 13:47:22 -0500 (EST)
[comments inline] On Thu, 6 Feb 2003, Ricardo, Gerson wrote:
Most every time i start snort on my linux (RH 7.3) server it locks up at wholly sporadic times. If snort isn't running, the machine works quite fine. Mind you it captures/processes packets beautifully while the system is responsive - but when it does lock up it's frozen - requires a hard reboot. There's no shocking messages in /var/log, no syslog panic notifications, nothing i can readily detect. So i humbly ask for a bit of your time in helping a fellow bungler discover his (hopefully) obvious mistakes. These hard lockups are seemingly random - could be 10 minutes after initializing the process, could be 5 hours after. For the sake of listing it, the only operational issue i have is when i try to move objects from the ACID cache into the mysql archive. This is the error I get:
[...snip...]
I somehow don't think that the lockups and the aforementioned error are related - i'm simply laying the cards on the table. BTW, line 91,92,93 for the file acid_db.inc read as thus:
[..snip...] Agreed. Your error may be coming from something else.
For any and all who get this far into this question, thanks a million for your time, I hope to be able to repay your efforts. To give you something to work with I have included several stats/log/conf readings to help preempt any questions you may have. Thanks again for your help!
Some things to try. * Grab the -stable CVS build tarball and give that a whirl. There have been some minor tweaks since 1.9.0 came out that are in CVS that _might_ * Grab the -current CVS build tarball. It's 2.0 and there are quite a few changes between 1.9.0 and 2.0. * Start disabling preprocessors. You might be running into something odd in one of them. * If you are logging to binary, check the captures. You might have some sorta crazy packet causing Snort or a preprocessor to barf. Re-run the pcaps thru Snort and see if the box dies. Oh, and since you can't use the box, you can send it to me since it's useless to you. ;-) I'll even pay shipping! Cheers! ----- Erek Adams "When things get weird, the weird turn pro." H.S. Thompson ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort 1.9.0 Hard Crashes/Lockups Ricardo, Gerson (Feb 06)
- Re: Snort 1.9.0 Hard Crashes/Lockups Erek Adams (Feb 06)
- Re: Snort 1.9.0 Hard Crashes/Lockups Demetri Mouratis (Feb 06)
- Re: Snort 1.9.0 Hard Crashes/Lockups Chris Green (Feb 06)