OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: [Snort-users] snort dying quietly
From: Juergen Schmidt (juct.heise.de)
Date: Tue Nov 28 2000 - 05:35:24 CST

Hello,

I've just set up snort on a monitoring port next to our web server
(exactly: next to the loadbalancer in front of it). As it's a high
traffic site (2 million page views per day) I started with snort
ignoring HTTP traffic (i.e. I appended "not \( port 80 \)" at the end of
the snort invocation). As ruleset I use the vision.rules.

I get regular messages " kernel: eth0: card reports no resources." and
snort keeps dying quietly (w.o. any message). Sometimes it runs for over
an hour, sometimes only for minutes -- as it run for about 5 hours
during the night, it seems to be related to the network load though.

The machine is a 300 MHz PII, 256 MB RAM, the detection interface eth0
is an eepro100

Do you know what causes this and how I can avoid it?
Right now I'm restarting snort every 5 minutes via cron (if it isn't
running any more) :-(

bye, juergen

PS: Please CC the answers to me, as I've subscribed only the digest of
this list. 

-- 
Juergen Schmidt   Leitender Redakteur/senior editor  c't magazin
Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
EMail: juct.heise.de - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417
PGP-Key available
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/snort-users