Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: odd issue with barnyard2 pid files

From: beenph <beenph () gmail com>
Date: Wed, 9 Feb 2011 00:21:12 -0500
On Tue, Feb 8, 2011 at 10:12 PM, Russell Fulton <r.fulton () auckland ac nz> wrote:

Hi,

I have a number of sensors on which I run snort and barnyard2 all are more or less identically configured 
(configuration pushed out from by a configuration management system -- puppet).  On a couple of the sensors the 
created pid file is empty?  which means that barnyard2 does not get shut down gracefully and I get errors on restart 
about inconsistent cids.

Any ideas what might cause this?




[snort@mon263549 ~]$ barnyard2 -V

 ______   -*> Barnyard2 <*-
 / ,,_  \  Version 2.1.8 (Build 251)
 |o"  )~|  By the SecurixLive.com Team: http://www.securixlive.com/about.php
 + '''' +  (C) Copyright 2008-2010 SecurixLive.

          Snort by Martin Roesch & The Snort Team: http://www.snort.org/team.html
          (C) Copyright 1998-2007 Sourcefire Inc., et al.

[snort@mon263549 ~]$ ls -l run
total 8
-rw------- 1 snort snort    0 Feb  1 11:13 barnyard2_dmzo.pid
-rw------- 1 snort snort    0 Feb  1 11:13 barnyard2_dmzo.pid.lck
-rw-rw-r-- 1 root  root     6 Feb  9 15:12 snort_eth1-dmzo.pid
-rw-rw-r-- 1 root  root     0 Feb  9 15:12 snort_eth1-dmzo.pid.lck

4695 ?        Ss    26:07 barnyard2 -c dmzo/conf/barnyard.conf -d /home/snort/data/dmzo/ -l /home/snort/data/dmzo/ -w 
/home/snort/data/dmzo/checkpoint -i dmzo -f snort.log --pid-path /home/snort/run/


Russell



What do you mean by barnyard2 do not get shut down gracefully? Which
tool do you use to control your processes startup and shutdown?
Can you output more error on the "inconsistent cid" issue your mentionning?

As a side note what are the permission on the parent directory?

Thanks,

-elz

------------------------------------------------------------------------------
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: