You should try not running it in console mode, run it in daemon mode.
How many rules do you have enabled?
Please post your snort.conf file as I asked before.
--
Joel Esler
joel.esler@sourcefire.com
On Dec 28, 2007, at 11:29 PM, Rachmat Hidayat Al-Anshar wrote:
Ow, I have a wrong understanding about this, before I was thinking
that Snort stuck its process because of RAM lacking.
How is it Joel, the snort machine still stuck???
Now I using 768 MB of memory :'((
Help meee...
Thanks
Rachmat Hidayat Al Anshar
----- Forwarded Message ----
From: Rachmat Hidayat Al-Anshar <rachmat_hidayat_02@yahoo.com>
To: snort <Snort-users@lists.sourceforge.net>
Sent: Saturday, December 29, 2007 10:58:06 AM
Subject: Re: [Snort-users] [HELP] snort stop processing on
"Initializing rule chains" issue
<rachmat_hidayat_02@yahoo.com> wrote:
> Now I am using 512 MB of RAM and Snort still stuck on the road...
> after Not Using PCAP_FRAMES...
What do you mean by stuck on the road ? Can you give us a screenshot
of Snort running on your computer ?
Snort stuck its process, there is no any clue or message at all for
this issue.
I am using TSL for snort box, and I using the default env. (without
xserver)
I can't capture any screenshot, (i didn't also remote it using ssh
(^^!))
- Have you test your Snort installation first to test all your rules,
using -t (if I am not mistaken) ?
Yes indeed, I have test it using this following command:
snort -c /etc/snort/snort.conf -T
- Are you using Snort as a Daemon ?
Nope, for a first shake its run with this following command
snort -c /etc/snort/snort.conf -A console -K ascii
so I can notice what was snort done to console.
- Are there any traffic on your network that is monitored by Snort ?
Nope, because my snort was hanging around the process, there
is no packets was detected, even for a small parts.
Just like Joel says, that my box was lack of memory,
now I am trying to use 1 GB of memory :)
Thanks for your response Tedi :)
Happy days...
Rachmat Hidayat Al Anshar
--
cheers,
tedi
Blog : http://theriyanto.wordpress.com
Website : http://tedi.heriyanto.net
You Need More Than Awareness : Stay Alert!
Never miss a thing. Make Yahoo your homepage.
Be a better friend, newshound, and know-it-all with Yahoo! Mobile.
Try it
now
.-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2005.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
