Re: Snort silently dying...

[Carlos G Mendioroz <tron () acm org>]

Y M @ 11/03/2015 18:06 -0300 dixit:
> > From: tron () acm org
> > To: snort () outlook com
> > CC: snort-users () lists sourceforge net
> > Subject: Re: [Snort-users] Snort silently dying...
> >
> > Nope, as I said, it silently died.
> > The only sign of it leaving was "adapter xxx left promiscuous mode".
> > What surprised me is that it had been working for ages (well, months)
> > and without any change it started dying. It sounds like some "new"
> > attack was sending it belly up. Too late now, I have already upgraded :)
>
> Good that you have gone through the upgrade. Just a total wild guess
> here, you may need to compile Snort with --enable-non-ether-decoders. If
> I recall properly on the list, this have solved some Snort "dying"
> issues. Not sure what you experienced is related to this or not.

I did have that option enabled (and kept it, as I'm sniffing ppp
sessions and sounds like needed).
Added --enable-sourcefire too based on some doc advise.

-- 
Carlos G Mendioroz  <tron () acm org>

------------------------------------------------------------------------------
Dive into the World of Parallel Programming The Go Parallel Website, sponsored
by Intel and developed in partnership with Slashdot Media, is your hub for all
things parallel software development, from weekly thought leadership blogs to
news, videos, case studies, tutorials and more. Take a look and join the 
conversation now. http://goparallel.sourceforge.net/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!