Snort mailing list archives
Re: Snort Abend after BAD-TRAFFIC
From: Jason <security () brvenik com>
Date: Sun, 21 Mar 2004 11:56:02 -0500
I believe your problem will be resolved by moving to a different logging format.
the message Mar 21 10:28:37 OEI-RHLXSnort snort: FATAL ERROR: OpenLogFile() => mkdir(/var/log/snort/209.176.247.84) log directory: Too many link s indicates you have too many files under the current directory. Mark.Schutzmann () Omron com wrote:
I saw these messages in my syslog this morning after an alert that Snort
had abended. There were more than 100 of the BAD-TRAFFIC messages though.
Does anyone have any suggestions about whether there is some configuration
in my snort.conf or other external factors that could have caused this?
Best Regards,
Mark
Mar 21 10:28:37 OEI-RHLXSnort snort: [1:528:4] BAD-TRAFFIC loopback traffic
[Classification: Potentially Bad Traffic] [Priority: 2]:
{TCP} 127.0.0.1:80 -> 209.176.102.178:1043
Mar 21 10:28:37 OEI-RHLXSnort snort: [1:528:4] BAD-TRAFFIC loopback traffic
[Classification: Potentially Bad Traffic] [Priority: 2]:
{TCP} 127.0.0.1:80 -> 209.176.6.213:1713
Mar 21 10:28:37 OEI-RHLXSnort snort: [1:528:4] BAD-TRAFFIC loopback traffic
[Classification: Potentially Bad Traffic] [Priority: 2]:
{TCP} 127.0.0.1:80 -> 209.176.6.213:1713
Mar 21 10:28:37 OEI-RHLXSnort snort: [1:528:4] BAD-TRAFFIC loopback traffic
[Classification: Potentially Bad Traffic] [Priority: 2]:
{TCP} 127.0.0.1:80 -> 209.176.247.84:1704
Mar 21 10:28:37 OEI-RHLXSnort snort: FATAL ERROR: OpenLogFile() =>
mkdir(/var/log/snort/209.176.247.84) log directory: Too many link
s
Mar 21 10:28:37 OEI-RHLXSnort kernel: device eth0 left promiscuous mode
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Abend after BAD-TRAFFIC Mark . Schutzmann (Mar 21)
- Re: Snort Abend after BAD-TRAFFIC Jason (Mar 21)
- <Possible follow-ups>
- Re: Snort Abend after BAD-TRAFFIC Mark . Schutzmann (Mar 21)
- Re: Snort Abend after BAD-TRAFFIC Jason Haar (Mar 21)
- Re: Snort Abend after BAD-TRAFFIC Frank Knobbe (Mar 21)
- Re: Snort Abend after BAD-TRAFFIC Jason Haar (Mar 21)
- Re: Snort Abend after BAD-TRAFFIC Jason Haar (Mar 21)
- Re: Snort Abend after BAD-TRAFFIC Jason (Mar 21)
- Re: Snort Abend after BAD-TRAFFIC Steve Thompson (Mar 23)