I'm running snort 2.6.1.1 and it is pretty buggy and just seems to die
on a regular basis for no apparent reason. I did change the detection
engine to ac-bnfa so that it would start much faster, but that is
probably the most non-standard thing I have done.

My snort process will sometimes die and other times it will simply stop
sending alerts even though the process remains. I'm hoping the latest
version addresses some of these issues. I'm not sure if that is the same
problem you are having.

Andy Hester wrote:
> I have setup snort on my LAN following Andy Firman's setup guide (Thanks
> Andy). It is currently listening to a hub that is connected to a span
> port on my Cisco 4006. I have also run it without the hub directly into
> the span port. (The hub is only there to allow for other network
> traffic monitoring such as Observer - apparently the 4006 will only
> allow 1 span port.) Internal and External networks are both set to any,
> as I want to analyze all traffic and I didn't see any references for
> settings for that. Only thing missing at this point is Oinkmaster,
> which I haven't set up because I haven't got the thing to run for more
> than a day or so without giving a segfault.
>
> When snort segfaults, it gives no error messages that I can find. I
> have run in the foreground to see if there were any consistent issues, i.e.
> rules etc., at the time of the segfault, but I haven't found anything
> yet. I have seen a couple of other people that have had the same
> problem apparently and 1 suggested changing rulesets, which I did.
> Still having segfaults.
>
> I'm not sure what to do from here with no error messages, etc. Is this
> an issue that has been definitively resolved? I haven't been able to
> find a solution anywhere, only other people with the same questions.
> Any ideas or help would be appreciated.
>
> Thanks
> Andy
>
>
> -------------------------------------------------------------------------
> Take Surveys. Earn Cash. Influence the Future of IT
> Join SourceForge.net's Techsay panel and you'll get the chance to share your
> opinions on IT & business topics through brief surveys - and earn cash
> http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
-
- Bryan Swann (swann@spawar.navy.mil) 843/218-4749
- SPAWAR Systems Center Charleston
-
- The difference between genius and stupidity is that genius has its
limits. - Einstein