Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Partial system crash while snort exiting

From: "Richard Lang" <carlisian () post cz>
Date: Mon, 24 May 2004 17:09:04 +0200 (CEST)
Hi all

I hope somedoby can help me with following problem:

After today's midnight system probably refuses to read/write from
HDD. I was able to use just running services. It wasn't possible
to start anything new including ssh sesion or shutdown command.

I've found these lines at the end of "/var/log/mesages". No newer
records were found in any other logs.

May 23 23:58:12 ipcop kernel: INPUT IN=eth2 OUT=
MAC=00:50:fc:37:24:ea:00:07:50:a0:8f:82:08:00 SRC=213.220.209.39
DST=213.220.221.133 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=63207 DF
PROTO=TCP SPT=4987 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0 May
24 00:00:06 ipcop kernel: INPUT IN=eth2 OUT=
MAC=00:50:fc:37:24:ea:00:05:5e:6b:43:c2:08:00 SRC=212.220.221.133
DST=213.220.221.133 LEN=563 TOS=0x00 PREC=0x00 TTL=115 ID=7138
PROTO=UDP SPT=666 DPT=1026 LEN=543 May 24 00:01:04 ipcop snort:
Snort exiting
May 24 00:01:05 ipcop snort: Initializing daemon mode
May 24 00:01:05 ipcop snort: PID path stat checked out ok, PID
path set to /var/run/ May 24 00:01:05 ipcop snort: Writing PID
"31823" to file "/var/run//snort_eth2.pid" May 24 00:01:05 ipcop
snort: [*] Frag2 config:
May 24 00:01:05 ipcop snort:     Fragment timeout: 60 seconds
May 24 00:01:05 ipcop snort:     Fragment memory cap: 2097152
bytes May 24 00:01:05 ipcop snort:     Fragment min_ttl:   0

I am runnig IPCOP 1.3 (fix 9) headless (without keyboard or
grafical card)

-*> Snort! <*-
Version 2.0.0 (Build 72)

kernel:
Linux version 2.4.24 (root () server1 wormgoor com) (gcc version
2.96 20000731 (Red Hat Linux 7.3 2.96-113)) #1 do feb 19 17:13:53
CET 2004

 thank you very much in advance.
 
 best regards,

Richard


-------------------------------------------------------
This SF.Net email is sponsored by: Oracle 10g
Get certified on the hottest thing ever to hit the market... Oracle 10g. 
Take an Oracle 10g class now, and we'll give you the exam FREE.
http://ads.osdn.com/?ad_id=3149&alloc_id=8166&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: