Snort stops working
-
Hi all,
I've got a box (quad core 2ghz, 2gb of ram) with a fresh 1.2 release where snort stops working after a while ( 1 day, 3 days …it depends). There is no message except the one saying snort exited with a core dump (dmesg : pid 53134 (snort), uid 0: exited on signal 11 (core dumped)). I also have ntop runing, can it be the problem ?
Thanks. -
ntop and snort are both memory hogs. How much memory do you have in that machine?
-
ntop and snort are both memory hogs. How much memory do you have in that machine?
i´d say roughly 2gb :)
I've got a box (quad core 2ghz, 2gb of ram) -
;) 2Gb
-
Have you tried running Snort with a very minimal ruleset? I've had trouble with the 'Backdoor' ruleset crashing Snort (not sure which rule), and more recently one of the 'DDOS' rules was shutting it down.
-
I have 3 rulesets, including the backdoor one. The ddos is crashing due to the SMTP rule. I'll try without the backdoor one.
-
With only Exploit and BAckdoor rules, snort still crashes.
It can work without "core dumping" between 1 and 4 days.What I have seen is that snort does not give the right amount of ram in the logs :
"Ram free BEFORE starting Snort: 166M – Ram free AFTER starting Snort: 166M "
Or"Ram free BEFORE starting Snort: 67M -- Ram free AFTER starting Snort: 67M "
just restarted ten minutes ago:"SnortStartup[29480]: Ram free BEFORE starting Snort: 112M – Ram free AFTER starting Snort: 112M -- Mode ac-sparsebands -- Snort memory usage:"
I have 2GB on that machine!!!!
Any clue ?