[Snort-users] Fwd: snort crash using some rules

To:	SNORT <snort-users@lists.sourceforge.net>
Subject:	[Snort-users] Fwd: snort crash using some rules
From:	Joel Esler <joel.esler@sourcefire.com>
Date:	Wed, 28 Mar 2007 15:36:39 -0400
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	snort-list@securepoint.com
List-archive:	<http://sourceforge.net/mailarchive/forum.php?forum=snort-users>
List-help:	<mailto:snort-users-request@lists.sourceforge.net?subject=help>
List-id:	"Snort users talk about... Snort!" <snort-users.lists.sourceforge.net>
List-post:	<mailto:snort-users@lists.sourceforge.net>
List-subscribe:	<https://lists.sourceforge.net/lists/listinfo/snort-users>, <mailto:snort-users-request@lists.sourceforge.net?subject=subscribe>
List-unsubscribe:	<https://lists.sourceforge.net/lists/listinfo/snort-users>, <mailto:snort-users-request@lists.sourceforge.net?subject=unsubscribe>
References:	<20070328165344.M13273@bellera.cat>
Sender:	snort-users-bounces@lists.sourceforge.net

+---------------------------------------------------------------------+

Joel Esler Security Consultant

gpg key: http://demo.sourcefire.com/jesler.pgp.key

+---------------------------------------------------------------------+

Begin forwarded message:

From: "Josep Pujadas i Jubany" <josep@bellera.cat>
Date: March 28, 2007 1:19:44 PM EDT
To: Joel Esler <joel.esler@sourcefire.com>
Subject: Re: [Snort-users] snort crash using some rules
X-Mailer: Open WebMail 2.32 20040525

On Wed, 28 Mar 2007 08:58:44 -0400, Joel Esler wrote

I am running all these rulesets and they all work for me.

What do you mean crash? What is the error you are getting in

your /var/log/messages file?

+---------------------------------------------------------------------+

Joel,

When it works I have:

Mar 27 20:28:45 my_machine kernel: bge0: promiscuous mode enabled
Mar 27 20:28:45 my_machine snort[1660]: PID path stat checked out ok, PID
path set to /var/run/
Mar 27 20:28:45 my_machine snort[1660]: Writing PID "1660" to
file "/var/run//snort_bge0.pid"
Mar 27 20:28:45 my_machine snort[1659]: Daemon parent exiting
Mar 27 20:28:45 my_machine snort[1660]: Daemon initialized, signaled parent
pid: 1659
Mar 27 20:29:03 my_machine snort[1660]: Snort initialization completed
successfully (pid=1660)
Mar 27 20:29:03 my_machine snort[1660]: Using PCAP_FRAMES = max

When it crashes I have:

Mar 28 18:57:02 my_machine kernel: bge0: promiscuous mode enabled
Mar 28 18:57:02 my_machine snort[6099]: PID path stat checked out ok, PID
path set to /var/run/
Mar 28 18:57:02 my_machine snort[6099]: Writing PID "6099" to
file "/var/run//snort_bge0.pid"
Mar 28 18:57:02 my_machine snort[6098]: Daemon parent exiting
Mar 28 18:57:02 my_machine snort[6099]: Daemon initialized, signaled parent
pid: 6098
Mar 28 18:57:34 my_machine kernel: bge0: promiscuous mode disabled

And If I look for snort I have:

# /usr/local/etc/rc.d/snort status
snort is not running.

Thanks,

Josep Pujadas

-------------------------------------------------------------------------
Take Surveys. Earn Cash. Influence the Future of IT
Join SourceForge.net's Techsay panel and you'll get the chance to share your
opinions on IT & business topics through brief surveys-and earn cash
http://www.techsay.com/default.php?page=join.php&p=sourceforge&CID=DEVDEV

_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] Fwd: snort crash using some rules, Joel Esler <=

Previous by Date:	[Snort-users] Fwd: No alerts attacking with nmap, Joel Esler
Next by Date:	[Snort-users] Fw: Re: snort crash using some rules, Josep Pujadas i Jubany
Previous by Thread:	[Snort-users] Fwd: No alerts attacking with nmap, Joel Esler
Next by Thread:	[Snort-users] Unifed login plugin, Carlos Terrón
Indexes:	[Date] [Thread] [Top] [All Lists]