Snort mailing list archives
Re: Snort keeps quitting
From: john <john23 () ratservers co uk>
Date: Thu, 30 Aug 2007 14:36:13 +0100
On Thursday 30 August 2007 14:18, you wrote:
We're going to need some more info than that, perhaps your /var/log/messages errors? Joel
I cannot see anything in the logs that say anything about snort errors, it seems to start up ok, then just drops off, starting snort: ................ Aug 30 14:29:01 server50896 snort[6486]: Rule application order: activation->dynamic->pass->drop->alert->log Aug 30 14:29:01 server50896 snort[6486]: Log directory = /var/log/snort Aug 30 14:29:01 server50896 snort[6486]: 9 out of 512 flowbits in use. Aug 30 14:29:01 server50896 kernel: eth0: Promiscuous mode enabled. Aug 30 14:29:01 server50896 kernel: device eth0 entered promiscuous mode Aug 30 14:29:01 server50896 kernel: audit(1188480541.675:7): dev=eth0 prom=256 old_prom=0 auid=4294967295 Aug 30 14:29:01 server50896 kernel: device eth0 left promiscuous mode Aug 30 14:29:01 server50896 kernel: audit(1188480541.691:8): dev=eth0 prom=0 old_prom=256 auid=4294967295 Aug 30 14:29:01 server50896 snort[6486]: Initializing daemon mode Aug 30 14:29:01 server50896 kernel: eth0: Promiscuous mode enabled. Aug 30 14:29:01 server50896 kernel: device eth0 entered promiscuous mode Aug 30 14:29:01 server50896 kernel: audit(1188480541.707:9): dev=eth0 prom=256 old_prom=0 auid=4294967295 Aug 30 14:29:01 server50896 snort[6489]: PID path stat checked out ok, PID path set to /var/run/ Aug 30 14:29:01 server50896 snort[6489]: Writing PID "6489" to file "/var/run//snort_eth0.pid" Aug 30 14:29:01 server50896 snort[6486]: Daemon parent exiting Aug 30 14:29:01 server50896 snort[6489]: Daemon initialized, signaled parent pid: 6486 Aug 30 14:29:02 server50896 snort[6489]: Preprocessor/Decoder Rule Count: 0 Aug 30 14:29:02 server50896 snort[6489]: Snort initialization completed successfully (pid=6489) Aug 30 14:29:02 server50896 snort[6489]: Not Using PCAP_FRAMES then snort quits: Aug 30 14:31:11 server50896 kernel: device eth0 left promiscuous mode Aug 30 14:31:11 server50896 kernel: audit(1188480671.107:10): dev=eth0 prom=0 old_prom=256 auid=4294967295 ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and configuration files using AJAX and a browser. Download your FREE copy of Splunk now >> http://get.splunk.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort keeps quitting john (Aug 27)
- Message not available
- Re: Snort keeps quitting john (Aug 27)
- Message not available
- Re: Snort keeps quitting john (Aug 27)
- Message not available
- Re: Snort keeps quitting john (Aug 27)
- Re: Snort keeps quitting john (Aug 30)
- Message not available
- Re: Snort keeps quitting john (Aug 30)
- Re: Snort keeps quitting Joel Esler (Aug 30)
- Re: Snort keeps quitting john (Aug 30)
- Re: Snort keeps quitting john (Aug 27)
- Message not available