Snort mailing list archives

Re: Snort failed to stay up after upgrade to 2.9.6.0


From: Michael Brown <mike.a.brown09 () gmail com>
Date: Wed, 19 Feb 2014 13:06:50 -0500

Just to add what Jeremy stated....

I would recommend running snort the way that he mentions every time.

---
Thank you,

Michael A. Brown
mike.a.brown09 () gmail com
(757) 912-0836
M.S. Forensic Studies: Computer Forensics
B.S. Information Technology: Network Specialist

"The only thing necessary for the triumph of evil is for good men to do
nothing" -Edmund Burke


On Wed, Feb 19, 2014 at 1:01 PM, Jeremy Hoel <jthoel () gmail com> wrote:

-T just tests the snort.conf.

For the next test, don't run snort off of init (that's odd that it
doesn't log anything to syslog) and run it in the foreground and see
what's failing, but run it locally:

snort -c /etc/snort/snort.conf -i eth_whatever

See what it says, see if you get to
"Commencing packet processing (pid=????)"

Once you get there, let it run for a bit, then Ctrl-C to break it and
look at the info presented.




On Wed, Feb 19, 2014 at 10:53 AM, Feroz Basir <feroz.basir () gmail com>
wrote:
Hi,

The /var/log/messages file showed the NIC entering promiscuous mode, then
the NIC exiting promiscuous mode. Nothing in the syslog log file.

Thanks.

Regards,
Feroz Basir

On 20 Feb 2014, at 01:22, Jeremy Hoel <jthoel () gmail com> wrote:

Do you have any error messages from the syslog?

On Wed, Feb 19, 2014 at 10:17 AM, Feroz Basir <feroz.basir () gmail com>
wrote:
Hi all,

I'm running snort 2.9.4.6. I upgraded to version 2.9.6.0. Smooth
upgrade process, but then when I restarted the snortd service, the snort
process failed to stay up. The messages log file showed the NIC entering
promiscuous mode, then the NIC exiting promiscuous mode. I've run with -T
and everything was OK.

Could anybody help me, please?

Thank you.

Regards,
Feroz Basir

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!

