Home page logo
/

snort logo Snort mailing list archives

Why does the Snort process stop?
From: "Atkins, Dwane P" <ATKINSD () uthscsa edu>
Date: Tue, 25 Jan 2011 08:14:45 -0600

What am I doing wrong?
Yesterday it the Snort process lasted almost 12 hours.  Before it was almost 48.
If there a place where I can go look at why it quit?  I saw one instance in my /var/log/messages where the interface 
enters promiscuous mode and then leave it.

Where do I start?  I have this on a Dell PowerEdge 2800 so it has enough processor.  What about memory requirements?  
What is the minimum for an intensive packet sniff?

Can I append a troubleshooting log to a file so I can see what is happening?

Thank you all for your help

Dwane


ps -ef | grep snort
root      1561  1415  0 Jan21 ?        00:41:07 /usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G 
/usr/local/snort/etc/gen-msg.map -S /usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w 
/var/log/snort/barnyard2.waldo
dubay     5231  5198  0 08:13 pts/0    00:00:00 grep --color=auto snort
dubay () Wilbur:/var/log/snort$ more /etc/rc.local
#!/bin/sh -e
#
# rc.local
#
# This script is executed at the end of each multiuser runlevel.
# Make sure that the script will "exit 0" on success or any other
# value on error.
#
# In order to enable or disable this script just change the execution
# bits.
#
# By default this script does nothing.
# configured to bring up eth1 on reboot
ifconfig eth1 up
# configured to bring up snort
/usr/local/snort/bin/snort -D -u snort -g snort -c /usr/local/snort/etc/snort.conf -i eth1
# configured to bring up barnyard2 on reboot
/usr/local/bin/barnyard2 -c /usr/local/snort/etc/barnyard2.conf -G /usr/local/snort/etc/gen-msg.map -S 
/usr/local/snort/etc/sid-msg.map -d /var/log/snort -f snort.u2 -w /var/log/snort/barny
ard2.waldo
exit 0
------------------------------------------------------------------------------
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires 
February 28th, so secure your free ArcSight Logger TODAY! 
http://p.sf.net/sfu/arcsight-sfd2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault