
Re: [Snort-users] snort process getting killed

Subject: Re: [Snort-users] snort process getting killed
Date: Wed, 16 May 2007 02:24:19 -0400
What search-method are you using, out of curiosity? Did you tell us or have
you not said yet?

j


On Tue, May 15, 2007 at 05:41:03PM -0400, it looks like doug schmidt sent me:
Hi,
This started I believe when upgrading to various 2.6 versions. I
compile. Once started, snort uses lots of CPU and uses memory till
there is about 16mb free.
Right now, I have 2.6.1.5 compiled and running. It's been running about
12 minutes.
Has not been killed as of yet.

last pid: 21628;  load averages:  0.37,  0.46,  0.57    17:38:34
44 processes:  43 sleeping, 1 on cpu
CPU states: 57.8% idle, 36.3% user,  5.9% kernel,  0.0% iowait,  0.0% swap
Memory: 1023M real, 17M free, 1075M swap in use, 776M swap free

   PID USERNAME THR PRI NICE  SIZE   RES STATE    TIME    CPU COMMAND
 21624 snort      1  12    0 1000M   43M sleep   12:25 38.19% snort
 21625 root       1  58    0 1644K  340K sleep    0:32  1.38% truss
 21628 root       1  58    0 1836K  924K cpu      0:03  0.92% top

I'm using oinkmaster 1.2 for rule updates, and have just updated rules
yesterday.
They are: snortrules-snapshot-CURRENT.tar.gz

At this point have not downgraded yet, or disabled any rules. I will
get a copy of the rules file to post.

thanks.
~doug

On 5/15/07, rmkml <rmkml@free.fr> wrote:
Hi Doug,
I have multiple questions:
 Is your snort2614 compiled, or a snort pkg?
 What is your snort.conf, please?
 How much memory does snort use before snort is killed?
 What snort rules do you use? vrt_sourcefire? bleedingedge?
 Do you have the same problem if you disable snort rules?
 Do you have the same problem if you use a previous snort version? 2.4.x? <2.6.1.4?
Best Regards
Rmkml



On Tue, 15 May 2007, doug schmidt wrote:

Date: Tue, 15 May 2007 15:06:22 -0400
From: doug schmidt <douglas.j.schmidt@gmail.com>
To: snort-users@lists.sourceforge.net
Subject: Re: [Snort-users] snort process getting killed

Almost forgot. This is snort 2.6.1.4

~doug

On 5/15/07, doug schmidt <> wrote:

Hi All,
I'm having a problem where snort keeps getting killed at various times
from being started. It is not dumping core.
This is running on a solaris 8 for intel box. When I truss the process,
this is what I'm getting:

451:        Incurred fault #6, FLTBOUNDS  %pc = 0x08072EB1
451:          siginfo: SIGSEGV SEGV_MAPERR addr=0x00000001
451:        Received signal #11, SIGSEGV [default]
451:          siginfo: SIGSEGV SEGV_MAPERR addr=0x00000001
451:            *** process killed ***

Any ideas?

thanks.
~doug



-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users










+-----
joel esler | security consultant | Sourcefire | 
http://demo.sourcefire.com/jesler.pgp.key
