Netgate Discussion Forum

    Snort initialization failure

    pfSense Packages
    100 Posts 8 Posters 54.5k Views
      PC_Arcade

      On 1GB of ram?

      Blimey!

      Time to drop snort then :LOL:

      The irony here is that it would run for ages on a machine with only 256mb of ram, so I upgraded to 1GB and it won't work for more than a minute or 2.

      That's very odd behaviour.

        sullrich

        1 gig should be plenty.  Not sure why it's core dumping then..  Shrugs.

          yoda715

          I am running 1 gig as well. I know it's not shutting down due to low ram. When snort is running my memory usage stays around 55-60%. At no point do I see my memory reach 80, 90, or 100%. I have swap enabled and it's always at 0%. When snort is not running my mem usage is 5-6%.

          I am not trying to insult you Scott nor do I doubt your intelligence on this issue, but I can say this with 99% certainty: The issue is something other than running out of ram. :)

          So basically Snort is not starting up on reboots, and on dhcp renewal.

          Do you want me to send you a copy of my config Scott, to see if you can get this to duplicate?

            PC_Arcade

            @yoda715:

            I am running 1 gig as well. I know it's not shutting down due to low ram. When snort is running my memory usage stays around 55-60%. At no point do I see my memory reach 80, 90, or 100%. I have swap enabled and it's always at 0%. When snort is not running my mem usage is 5-6%.

            I am not trying to insult you Scott nor do I doubt your intelligence on this issue, but I can say this with 99% certainty: The issue is something other than running out of ram. :)

            So basically Snort is not starting up on reboots, and on dhcp renewal.

            Do you want me to send you a copy of my config Scott, to see if you can get this to duplicate?

            All the above applies to me too, as does the offer of configs and any other help I can give :)

              yoda715

              I've noticed something in my testing. It seems that whatever is causing snort to fail on bootup the first time, it's towards the end of the bootup process.

                PC_Arcade

                I take it the offer of configs and logs is not wanted?

                Would a donation help to get this looked at?

                  sullrich

                  Try uninstalling and reinstalling the package.  I just uploaded a recompiled version.

                    yoda715

                    Still experiencing the same issue. Had to click save after reinstall and reboot to get Snort to start up. Any luck PC_Arcade?

                      sullrich

                      You may also want to upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-11-19-2006/

                      6.2-RC1

                        Justinw

                        I have tested the snort package under 1.01 about a week ago and it ran fine for me, although I only ran it for about a couple of days.  Not to throw out the obvious here, but if pc_arcade had it running under 256 but not under a gig, it sounds like there is a good possibility that there is possibly some bad ram in the mix. I'd run a checkmem on it and see what happens.

                          yoda715

                          @sullrich:

                          You may also want to upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-11-19-2006/

                          6.2-RC1

                          Will do. Does that need to be a fresh install or will an upgrade be ok?

                            yoda715

                            @Justinw:

                            I have tested the snort package under 1.01 about a week ago and it ran fine for me, although I only ran it for about a couple of days.  Not to throw out the obvious here, but if pc_arcade had it running under 256 but not under a gig, it sounds like there is a good possibility that there is possibly some bad ram in the mix. I'd run a checkmem on it and see what happens.

                            Doubt it. If it was a bad batch of Memory it wouldn't run at all.

                              sullrich

                              @yoda715:

                              @sullrich:

                              You may also want to upgrade to http://www.pfsense.com/~sullrich/1.0.1-SNAPSHOT-11-19-2006/

                              6.2-RC1

                              Will do. Does that need to be a fresh install or will an upgrade be ok?

                              Upgrade should be ok.

                                yoda715

                                No go. Snort initialization is stuck in an infinite loop. It will initialize, reach about 90% bootup complete, terminate, and start over. I'm counting five times so far that it has started to initialize, failed, restarted initialization, and it keeps failing over and over.

                                  yoda715

                                  Clicking Save in snort settings stopped the loop and successfully booted Snort.

                                    networknoob

                                    Hi, I'd just like to ask what's the status here with the issue?

                                    my pfsense is 1.0.1
                                    Last time it was with 1.0-RC3 when snort caused network problem
                                    and it was quite a headache to try to find out what's wrong till
                                    we have to take off snort all together.

                                    I assume then 6.2 RC1 (Scott's earlier link) + snort works alright?

                                    I have more than 1 G ram for pfsense.

                                    Cheers,

                                      yoda715

                                      Snort works. It's just the initialization process I am experiencing issues with. I don't believe everyone is experiencing it. Once snort initializes successfully it works great. You can run a port scan on your firewall and you will see it in the logs.

                                        networknoob

                                        @yoda715:

                                        Snort works. It's just the initialization process I am experiencing issues with. I don't believe everyone is experiencing it. Once snort initializes successfully it works great. You can run a port scan on your firewall and you will see it in the logs.

                                        aah Ok, thanks yoda715

                                        gl for that

                                          PC_Arcade

                                          @yoda715:

                                          Still experiencing the same issue. Had to click save after reinstall and reboot to get Snort to start up. Any luck PC_Arcade?

                                          Same behaviour with just the package update, I'll try the pfsense update later and report back

                                            yoda715

                                            I didn't see any different behavior until I updated to the latest snapshot. Then snort would get stuck in an infinite initialization loop.
