Snort-2.0 "buglet"? Wrong error on out-of-memory error

[Jason Haar <Jason.Haar () trimble co nz>]

I run snort-2.0 under softlimit to ensure snort never runs off and swallows
all the RAM on the system:

i.e.

exec /usr/local/bin/softlimit -o 100 -a 70000000 \
 /usr/sbin/snort.20 -i eth1 -c /etc/snort20/host.conf \
 -U -y -u snort -g snort -e -o -I -l log \
 -t /var/log/snort not esp and not src host this_host

Anyway, I decided to reconfigure snort to use a whole buncha extra rules,
and it crashed at startup:

Rule application order: ->pass->activation->dynamic->alert->log->tagged
ERROR: Absdir is not a subset of the logdirFatal Error, Quitting..

Huh? Well yeah - I'm running it in a jail, etc. But after some farting
around I realised it was nothing to do with the logfile locations - it was
just that the extra rules had pushed snort's memory usage above 60M. So I
banged it up to 70 and away it's gone.

So the question is: can memory issues be caught earlier and reported as such
- instead of totally non-related errors like that occurring?

Thanks!

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
This SF.Net email is sponsored by: INetU
Attention Web Developers & Consultants: Become An INetU Hosting Partner.
Refer Dedicated Servers. We Manage Them. You Get 10% Monthly Commission!
INetU Dedicated Managed Hosting http://www.inetu.net/partner/index.php
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users