Re: [Snort-users] Snort 2.6.1 Stops Logging

To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] Snort 2.6.1 Stops Logging
From: "Eric J. Feldhusen" <efeldhusen.lists@gmail.com>
Date: Wed, 22 Nov 2006 14:11:59 -0500
rmkml wrote:
> Thx Eric,
> how much memory do you have, please?
2GB of ram, 1GB of swap

> possible send top when snort is started ?

top - 13:55:55 up 2 days, 22:08,  1 user,  load average: 1.03, 1.07, 1.00
Tasks:  73 total,   2 running,  71 sleeping,   0 stopped,   0 zombie
Cpu(s): 25.6% us,  1.4% sy,  0.0% ni, 72.9% id,  0.0% wa,  0.1% hi,  0.0% si
Mem:   2074920k total,  1570604k used,   504316k free,    73892k buffers
Swap:  1052248k total,        0k used,  1052248k free,  1231828k cached
top - 13:57:40 up 2 days, 22:10,  1 user,  load average: 0.55, 0.87, 0.93
Tasks:  73 total,   2 running,  71 sleeping,   0 stopped,   0 zombie
Cpu(s):  2.1% us,  2.9% sy,  0.0% ni, 94.8% id,  0.0% wa,  0.2% hi,  0.0% si
Mem:   2074920k total,  1548652k used,   526268k free,    73892k buffers
Swap:  1052248k total,        0k used,  1052248k free,  1231828k cached

  PID USER      PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  COMMAND
32745 ntop      16   0  134m  43m 2976 S   11  2.1 191:15.64 ntop
19645 snort     15   0 52944  10m 1172 R    8  0.5   0:09.83 snort
19667 root      16   0  3716  940  760 R    0  0.0   0:00.02 top
    1 root      16   0  2876  552  472 S    0  0.0   0:01.17 init
    2 root      RT   0     0    0    0 S    0  0.0   0:00.19 migration/0
    3 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/0
    4 root      RT   0     0    0    0 S    0  0.0   0:00.14 migration/1
    5 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/1
    6 root      RT   0     0    0    0 S    0  0.0   0:00.12 migration/2
    7 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/2
    8 root      RT   0     0    0    0 S    0  0.0   0:03.85 migration/3
    9 root      34  19     0    0    0 S    0  0.0   0:00.00 ksoftirqd/3
   10 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/0
   11 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/1
   12 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/2
   13 root       5 -10     0    0    0 S    0  0.0   0:00.00 events/3
   14 root       7 -10     0    0    0 S    0  0.0   0:00.01 khelper
   15 root      15 -10     0    0    0 S    0  0.0   0:00.00 kacpid
   30 root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/0
   31 root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/1
   32 root       5 -10     0    0    0 S    0  0.0   0:00.00 kblockd/2

> possible start snort with/without preproc-dynamic ?

Just making sure, I'm assuming I just need to comment out the line
dynamicpreprocessor directory  /usr/lib/snort-2.6.1_dynamicpreprocessor/

or do I have to comment out all the dynamicengine and preprocessor lines?

> possible start snort without mysql output ?

Will do and will post follow up.

> possible for test run snort on verbose mode ?

Will do and will post follow up.
> Best Regards
> Rmkml


-- 
Eric Feldhusen
Network Administrator    http://www.remc1.org
eric@remc1.org
PO Box 270              (906) 482-4520  x239
809 Hecla St            (906) 482-5031 fax
Hancock, MI  49930      (906) 370 6202 mobile
