Alex Kirk wrote:
* dmesg for the boxes this is occuring on (perhaps they just simply
don't have enough RAM to cope with what you're trying to do, there's a
driver problem, etc.)
dmesg | more ..... i just add some more memory to the box...i also paste
error message from /var/log/all.log (below).... if anybody know what is
going wrong, pls let me know...
-------------------
OpenBSD 3.5 (GENERIC) #34: Mon Mar 29 12:24:55 MST 2004
deraadt@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache) 449 MHz
cpu0:
FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,SER,MMX
,FXSR,SSE
cpu0: disabling processor serial number
real mem = 402227200 (392800K)
avail mem = 366387200 (357800K)
using 4278 buffers containing 20213760 bytes (19740K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(b7) BIOS, date 05/19/99, BIOS32 rev. 0 @ 0xfd7a0
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
pcibios0 at bios0: rev. 2.1 @ 0xfd7a0/0x860
pcibios0: PCI IRQ Routing Table rev. 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:07:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc0000/0x8000 0xc8000/0x4800 0xe0000/0x4000!
0xe4000/0xc000
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82443BX AGP" rev 0x03
ppb0 at pci0 dev 1 function 0 "Intel 82443BX AGP" rev 0x03
-------------------------
* All the messages from /var/log/message surrounding this error (in
case there are other things which are leading up to this problem)
tail from /var/log/all.log...snort only running about 30 minutes...
-------------
Dec 20 09:54:56 ids1 snort: [1:553:7] POLICY FTP anonymous login attempt
[Classification: Misc activity] [Priority: 3]: <fxp0> {TCP}
217.196.121.21:3117 -> xxx.xxx.xxx.xxx:21
Dec 20 09:55:56 ids1 snort: [1:2003:7] MS-SQL Worm propagation attempt
[Classification: Misc Attack] [Priority: 2]: <fxp0> {UDP}
61.156.8.111:1240 -> xxx.xxx.xxx.xxx:1434
Dec 20 09:55:56 ids1 snort: FATAL ERROR: Unable to allocate memory!
(8193 requested)
Dec 20 10:00:01 ids1 cron[4705]: (root) CMD (/usr/bin/newsyslog)
Dec 20 10:00:01 ids1 cron[6273]: (root) CMD (/usr/sbin/sendmail -L
sm-msp-queue -Ac -q)
-------------------------------
I can't guarantee I can solve this, but I'd be happy to give it a shot.
Alex Kirk
Research Analyst
Sourcefire, Inc.
[ Scanned by JARING E-Mail Virus Scanner ( http://www.jaring.my ) ]
--
zul
-- Anything without choice are something that cannot be choosen. --
http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xA0551B32
Key fingerprint = 28E4 8465 A65B 7CEC 4A4E 138F 26A3 9AA2 A055 1B32
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://productguide.itmanagersjournal.com/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
