Home page logo
/

snort logo Snort mailing list archives

Snort refuses to start/run on Ubuntu 13.04
From: Tony Robinson <deusexmachina667 () gmail com>
Date: Fri, 14 Jun 2013 19:50:53 -0400

Hello,

Wondering if any of you experienced a problem starting up snort on Ubuntu
13.04?

I get snort 2.9.4.6 to install and compile happily on a barebones 13.04
Server install, but the minute I go to run snort I get this on the terminal:

root () as-dev-ubuntu-13-04:~# ps -ef | grep snort
root      1691  1641  0 19:43 pts/0    00:00:00 grep --color=auto snort
root () as-dev-ubuntu-13-04:~# bash /etc/rc.local
/etc/rc.local: line 15:  1699 Killed
/usr/local/snort/bin/snort -D -u snort -g snort -c
/usr/local/snort/etc/snort.conf -i eth1


Killed. Okay then, very descriptive error message there, Ubuntu. Why?
Syslog will surely tell me, right?let's cat syslog:

Jun 14 19:43:08 as-dev-ubuntu-13-04 rsyslogd-2177: imuxsock begins to drop
messages from pid 1699 due to rate-limiting
Jun 14 19:43:15 as-dev-ubuntu-13-04 kernel: [  123.020634] select 1 (init),
adj 0, size 263, to kill
Jun 14 19:43:15 as-dev-ubuntu-13-04 kernel: [  123.020643] select 975
(mysqld), adj 0, size 9699, to kill
Jun 14 19:43:15 as-dev-ubuntu-13-04 kernel: [  123.020645] select 1699
(snort), adj 0, size 68334, to kill
Jun 14 19:43:15 as-dev-ubuntu-13-04 kernel: [  123.020646] send sigkill to
1699 (snort), adj 0, size 68334
Jun 14 19:43:15 as-dev-ubuntu-13-04 kernel: [  123.020908] select 1 (init),
adj 0, size 263, to kill
Jun 14 19:43:15 as-dev-ubuntu-13-04 kernel: [  123.020911] select 975
(mysqld), adj 0, size 9699, to kill

So, based on the above, I can only theorize that rsyslog/imuxsock doesn't
like how verbose snort is and axes it because it thinks there's something
wrong with the process.

Have any of you run across this, and if so, how'd you resolve it?


-- 
when does reality end? when does fantasy begin?
------------------------------------------------------------------------------
This SF.net email is sponsored by Windows:

Build for Windows Store.

http://p.sf.net/sfu/windows-dev2dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault