Snort mailing list archives

Re: snort 2.8.2.1 stops logging after 1 minute...


From: craig <snort () rsw co za>
Date: Wed, 16 Jul 2008 21:03:12 +0200

On Wed, 2008-07-16 at 13:59 -0400, JJ Cummings wrote:

with what specific rules (set wise) enabled / disabled?

brilliant idea.. :P this got me thinking (an anomaly on its own)... 

More background on the sensor... It used to be 2.4.3 and I was only able
to upgrade it recently. 

I "merged" the rulesets from 2.4.3 to 2.8.2.1. I think somehow an invalid
setting got inserted that might have been causing the problem.

I decided now to recreate the policy from scratch and only import
default snort 2.8_s sigs to test if it might be something in the conf
file or sigs. 

Touch wood it's still going after 10 mins. I will monitor it for a while
longer and see if it keels over or not.

Brent, maybe you can try creating a ruleset from scratch and manually
entering the suppressions and thresholds and see if it works for you.

I will gradually add the Emerging Threat sigs and see if that makes a
difference as well.

Thanks for all the input guys, much appreciated!

Chat soon.

Craig


craig wrote:
On Wed, 2008-07-16 at 11:43 -0600, Bamm Visscher wrote:
Can you provide the list of rules you are running?
    
The rulesets are standard Snort 2.8_s and Emerging Threat rules.
On Wed, Jul 16, 2008 at 8:48 AM, craig <snort () rsw co za> wrote:
Hi List,

I have an installation running 2.8.2.1 that stops logging to the database and
log file after about 1 minute of starting up.

Has anyone experienced the same problem yet or have some advice as to where
I can start looking for what might be the cause?

Thanks

Craig
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




    