[Snort-users] Snort 2.0 rc1 pass solved / now mysql problem

From: Kenneth G. Arnold <bkarnold(at)cbu.edu>
Date: Mon Mar 31 2003 - 10:42:25 EST

I discovered that my startup script was eliminating both the -D and -o options when I was running in test mode. When I started to get the rule problems, I switched to test mode and it was in test mode that the majority of the passes were ignored. I have since changed this so that the -o option is added in test mode. Therefore there is no problem with the -o option after all.

---

Once I finally got snort running, I discovered that the snort process would die after about 5-10 minutes. It died in both daemon mode and non-daemon mode. When it died in non-daemon mode, it created a core file and had the following error:

./snortd: line 61: 6708 Segmentation Fault $SNORT_PATH/snort -c $CONFIG -i $IFACE -g $SNORT_GID -l $LOGDIR $OPTIONS

where:

./snortd is my startup script
$SNORT_PATH=/usr/local/bin
CONFIG=/etc/snort2/snort.conf
LOGDIR=/var/log/snort2
IFACE=dmfe1
SNORT_GID=nogroup
OPTIONS=-"-o"

Sun V100
Solaris 9
gcc 3.2

         ./configure --with-mysql=/usr/local/mysql mysql 4.10 gamma

I successfully ran this version without the output to the mysql database for 30 minutes. Version 1.9.1 ran fine with this version of mysql. Does version 2.0 rc1 have a problem with this version of mysql? Do I need to install a version 3 mysql instead?

Ken

At 09:09 AM 3/31/03 -0500, Chris Green wrote:
>"Kenneth G. Arnold" <bkarnold@cbu.edu> writes:

---

This SF.net email is sponsored by: ValueWeb: Dedicated Hosting for just $79/mo with 500 GB of bandwidth! No other company gives more support or power for your dedicated server http://click.atdmt.com/AFF/go/sdnxxaff00300020aff/direct/01/

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Mon Mar 31 14:50:12 2003