New version of snort
-
Hi,.. when will be snort 2.8 on pfsense.
I have many problem when snort service is down. I have try to reinstall, and this is not working.
Thanks for your reply.
-
I suspect the answer will be - after the FreeBSD port is released ;)
Not that I think that a new version will solve your undefined "many problem".
-
Same problem here at first~
With reading the log, it was always run out of memory.We have reconfig the snort to use lowmem profile, and free memory from other packages.
Finally, it seems ok now, hope this help~ -
How much memory - snort is known for being a memory hog. My personal experience is that 2 GB is a good starting point for a box running snort…
-
In have P4 3.2 with hyper + 3GB memory and have problem snort - after five min, stop working;)
-
Ok, so when it stops working what is the error in the log?
If you're just going to post information free messages, you'd be quicker off not posting…
-
In have P4 3.2 with hyper + 3GB memory and have problem snort - after five min, stop working;)
I have this same exact problem with Snort. syslog shows this when it happens snort[47910]: ACSM-No Memory: acsmAddPattern!
Thats with only 5 rule catagories turned on. I've tried all the different performance settings and I get the same issue. Complete reinstall and the same issue.
-
I have this in sys log:
Mar 5 10:13:33 kernel: rl0: promiscuous mode disabled
Mar 5 10:13:33 snort[2152]: ACSM-No Memory: acsmAddPattern!
Mar 5 10:13:33 snort[2152]: ACSM-No Memory: acsmAddPattern!
Mar 5 10:13:03 SnortStartup[2212]: Ram free BEFORE starting Snort: 29M – Ram free AFTER starting Snort: 29M -- Mode ac -- Snort memory usage:
Mar 5 10:12:46 snort[2152]: Daemon initialized, signaled parent pid: 2151
Mar 5 10:12:46 snort[2152]: Daemon initialized, signaled parent pid: 2151 -
I have this in sys log:
Mar 5 10:13:33 kernel: rl0: promiscuous mode disabled
Mar 5 10:13:33 snort[2152]: ACSM-No Memory: acsmAddPattern!
Mar 5 10:13:33 snort[2152]: ACSM-No Memory: acsmAddPattern!
Mar 5 10:13:03 SnortStartup[2212]: Ram free BEFORE starting Snort: 29M – Ram free AFTER starting Snort: 29M -- Mode ac -- Snort memory usage:
Mar 5 10:12:46 snort[2152]: Daemon initialized, signaled parent pid: 2151
Mar 5 10:12:46 snort[2152]: Daemon initialized, signaled parent pid: 2151That is the same one I get here.
-
Hi All
Please use the "edit file" on snort and go to: /usr/local/pkg/snort.inc
copy the content of the file that attached and replace the content of the current file that on your machine.please notify if it helps.
Ilan
-
It did not help here.
Mar 12 00:24:12 kernel: ng0: promiscuous mode disabled
Mar 12 00:24:11 snort[72256]: ACSM-No Memory: acsmCompile!
Mar 12 00:24:11 snort[72256]: ACSM-No Memory: acsmCompile!
Mar 12 00:22:47 sshlockout[72371]: sshlockout starting up
Mar 12 00:22:47 sshlockout[72371]: sshlockout starting up
Mar 12 00:22:47 sshd[72367]: Accepted keyboard-interactive/pam for root from 192.168.1.20 port 1474 ssh2
Mar 12 00:22:22 SnortStartup[72267]: Ram free BEFORE starting Snort: 60M – Ram free AFTER starting Snort: 60M -- Mode ac -- Snort memory usage:
Mar 12 00:22:05 snort[72253]: Daemon parent exiting
Mar 12 00:22:05 snort[72253]: Daemon parent exiting
Mar 12 00:22:05 snort[72256]: Daemon initialized, signaled parent pid: 72253
Mar 12 00:22:05 snort[72256]: Daemon initialized, signaled parent pid: 72253
Mar 12 00:22:05 snort[72256]: Writing PID "72256" to file "/var/run//snort_ng0.pid"
Mar 12 00:22:05 snort[72256]: Writing PID "72256" to file "/var/run//snort_ng0.pid"
Mar 12 00:22:05 snort[72256]: PID path stat checked out ok, PID path set to /var/run/
Mar 12 00:22:05 snort[72256]: PID path stat checked out ok, PID path set to /var/run/
Mar 12 00:22:05 kernel: ng0: promiscuous mode enabled
Mar 12 00:22:05 snort[72253]: Initializing daemon mode
Mar 12 00:22:05 snort[72253]: Initializing daemon mode
Mar 12 00:22:05 kernel: ng0: promiscuous mode disabled
Mar 12 00:22:05 kernel: ng0: promiscuous mode enabled -
Did you guys figure this out? I'm getting the same error now. It happens while snort is loading the rules, right after startup.
