Snort FATAL ERROR on 2.0-RC2



  • I have pfSense 2.0-RC2 (one of the firsts builds) in my ALIX 2C3 and Snort starts fine, but after a while it will use more and more memory and finally it shuts down when there's no more memory left. I noticed this error in the logs. This is right after a signature upgrade (which I do once a day):

    Jun 24 00:11:14 snort[12633]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_vr257280.pid" for PID "12633"
    Jun 24 00:11:14 snort[12633]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_vr257280.pid" for PID "12633"
    Jun 24 00:11:14 snort[12633]: PID path stat checked out ok, PID path set to /var/log/snort/run
    Jun 24 00:11:14 snort[12633]: PID path stat checked out ok, PID path set to /var/log/snort/run
    Jun 24 00:11:14 snort[12633]: Checking PID path…
    Jun 24 00:11:14 snort[12633]: Checking PID path…
    Jun 24 00:11:14 SnortStartup[12813]: Snort HARD Reload For 57280_vr2…
    Jun 24 00:11:14 snort[12633]: Daemon initialized, signaled parent pid: 54235
    Jun 24 00:11:14 snort[12633]: Daemon initialized, signaled parent pid: 54235

    Not sure if it's related to my problem, so I post this log just in case.
    Also I have Snort configured with the LOWMEM setting and use only some Emerging Threats signatures. I tried using just two or three signature categories but it's the same thing, it seems this is not related to having too many categories selected. Looks more like a leak. If you need any other config details let me know.
    Right now my only solution is to manually restart snort every day to avoid it leaking all RAM. And that's not so cool let me tell you :)
    Thanks!

    EDIT: I'm using Snort 2.8.6.1 pkg v. 1.34


Locked