Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Snort dying after 1 minute

    2.1 Snapshot Feedback and Problems - RETIRED
    3
    4
    1.8k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • G
      Gradius
      last edited by

      Jul 17 19:26:04 kernel: pid 9014 (snort), uid 0: exited on signal 11
      Jul 17 19:24:59 snort[9014]: Commencing packet processing (pid=9014)
      Jul 17 19:24:59 snort[9014]: Commencing packet processing (pid=9014)
      Jul 17 19:24:59 snort[9014]: –== Initialization Complete ==--

      Sigh.  ::)

      1 Reply Last reply Reply Quote 0
      • C
        Cino
        last edited by

        lots of info in that post

        this may help:
        post your issue in the board called  'packages'
        include your pfsense version
        include your snort version

        1 Reply Last reply Reply Quote 0
        • G
          Gradius
          last edited by

          Fixed, but what this means?

          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'trojan.nervos' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'trojan.nervos' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.asylum.connect' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.asylum.connect' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.MSSQL' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.RBN.Malvertiser' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.fearless.runtime' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.fearless.runtime' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.Evil' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.Evil' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.y3krat_15.client.response' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.y3krat_15.client.response' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'AOLAdmin1.1.connection' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'AOLAdmin1.1.connection' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.http.javaclient.vulnerable' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.donalddick.1.5.b.3.conn' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'backdoor.donalddick.1.5.b.3.conn' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.BotccIP' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'dorkbot.ircinit' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'dorkbot.ircinit' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'kit.blackhole' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'kit.blackhole' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.gadu.loggedin' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'telnet.ruggedcom' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'telnet.ruggedcom' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.CompIP' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'ET.DshieldIP' is set but not ever checked.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'is_proto_irc' is checked but not ever set.
          Jul 17 19:33:07 snort[6011]: WARNING: flowbits key 'is_proto_irc' is checked but not ever set.

          1 Reply Last reply Reply Quote 0
          • S
            slim0801
            last edited by

            Try to put the Preprocessors >  Max Queued Bytes 11048576 (10 MB) or above and the Max Queued Segs 30000 or above.
            See if that works for you.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.