Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort FATAL ERROR on 2.0-RC2

    Scheduled Pinned Locked Moved pfSense Packages
    1 Posts 1 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      feadin
      last edited by

      I have pfSense 2.0-RC2 (one of the firsts builds) in my ALIX 2C3 and Snort starts fine, but after a while it will use more and more memory and finally it shuts down when there's no more memory left. I noticed this error in the logs. This is right after a signature upgrade (which I do once a day):

      Jun 24 00:11:14 snort[12633]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_vr257280.pid" for PID "12633"
      Jun 24 00:11:14 snort[12633]: FATAL ERROR: Failed to Lock PID File "/var/log/snort/run/snort_vr257280.pid" for PID "12633"
      Jun 24 00:11:14 snort[12633]: PID path stat checked out ok, PID path set to /var/log/snort/run
      Jun 24 00:11:14 snort[12633]: PID path stat checked out ok, PID path set to /var/log/snort/run
      Jun 24 00:11:14 snort[12633]: Checking PID path…
      Jun 24 00:11:14 snort[12633]: Checking PID path…
      Jun 24 00:11:14 SnortStartup[12813]: Snort HARD Reload For 57280_vr2…
      Jun 24 00:11:14 snort[12633]: Daemon initialized, signaled parent pid: 54235
      Jun 24 00:11:14 snort[12633]: Daemon initialized, signaled parent pid: 54235

      Not sure if it's related to my problem, so I post this log just in case.
      Also I have Snort configured with the LOWMEM setting and use only some Emerging Threats signatures. I tried using just two or three signature categories but it's the same thing, it seems this is not related to having too many categories selected. Looks more like a leak. If you need any other config details let me know.
      Right now my only solution is to manually restart snort every day to avoid it leaking all RAM. And that's not so cool let me tell you :)
      Thanks!

      EDIT: I'm using Snort 2.8.6.1 pkg v. 1.34

      1 Reply Last reply Reply Quote 0
      • First post
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.