Re: snort 2.8.2.1 stops logging after 1 minute...

[JJ Cummings <cummingsj () gmail com>]

I have seen the same thing on FBSD 7.0R w/ 2.8.2.1 from ports tree and 
directly built from source... I am doing a bit of debugging on that 
right now actually.

Frank Reid wrote:
> Yes to all.  On FreeBSD 6.3-STABLE with the Snort 2.8.2.X from the 
> FreeBSD ports tree, I have the same issues even with just a minimum 
> Snort “stock” rule set enabled.  It logs to MySQL no longer than an 
> hour, and usually stops logging within minutes after starting.  It 
> then consumes the entire CPU until I kill -9 the process.  I 
> downloaded and built a binary from the previous 2.8.1 code base, and 
> it’s been running now for weeks without a hiccup using the complete 
> Snort rule set as well as the Emerging Threats “ALL” rules (less I few 
> I culled for my specific needs).  I have been running Snort on FreeBSD 
> forever (since 1.X code), and this is the first time I’ve had a 
> problem of this magnitude.  So, until someone can figure out what’s 
> going on with 2.8.2, I’m stuck in the 2.8.1 world.
>
>
> Frank
>
>  
>
> ------------------------------------------------------------------------
>
> *From:* snort-users-bounces () lists sourceforge net 
> [mailto:snort-users-bounces () lists sourceforge net] *On Behalf Of *craig
> *Sent:* Wednesday, July 16, 2008 1:47 PM
> *To:* JJ Cummings
> *Cc:* snort-users () lists sourceforge net
> *Subject:* Re: [Snort-users] snort 2.8.2.1 stops logging after 1 minute...
>
>  
>
>  
>
>
> On Wed, 2008-07-16 at 13:32 -0400, JJ Cummings wrote:
>
>  
> Any other bizarre behavior... i.e. high cpu usage during non-logging.. 
> high mem usage etc etc...
>  
>
> Not that I can see:
>
>   PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  
> COMMAND          
> 21726 snort   16   0  539m 474m 2184 S  9.7 23.6   0:27.04 snort  
>
> The process averages on +- 10% CPU and occasionally spikes to 99%. 
> hmm, maybe I should roll back to 2.8.0 like Brent did and see if that 
> helps. This is the first time in my experience with snort that it does 
> something like this.
>
>
>  
> J
>  
> Erickson, Brent W CIV NAVSEA KPWA wrote:
> > Hello List and Craig,
>
> Hi Brent :)
>
>  
> > I have the same problem when running Snort 2.8.2.1 in binary dump mode.
> >
> > So I dropped back to Snort 2.8.0
> >
> > And I still have not figured out the problem.
> >
> > Any one have any ideas?
> >
> > Brent Erickson
> >  
> >
> > -----Original Message-----
> > From: snort-users-bounces () lists sourceforge net <mailto:snort-users-bounces () lists sourceforge net>
> > [mailto:snort-users-bounces () lists sourceforge net] On Behalf Of craig
> > Sent: Wednesday, July 16, 2008 7:48
> > To: snort-users () lists sourceforge net <mailto:snort-users () lists sourceforge net>
> > Subject: [Snort-users] snort 2.8.2.1 stops logging after 1 minute...
> >
> > Hi List,
> >
> > I have installation running 2.8.2.1 that stops logging to the database
> > and log file after about 1 minute of starting up.
> >
> > has anyone experienced the same problem yet or have some advise as to
> > where I can start looking for what might be the cause?
> >
> > Thanks
> >
> > Craig 
>  
>   

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users