Re: [Sebastiaan <S.Breedveld@ITS.TUDelft.NL>] Re: snort dies

To: Patrick Cheong Shu Yang <patrick.cheong@hitech.com.my>
Cc: debian-user@lists.debian.org
Subject: Re: [Sebastiaan <S.Breedveld@ITS.TUDelft.NL>] Re: snort dies
From: Sebastiaan <S.Breedveld@ITS.TUDelft.NL>
Date: Tue, 24 Jul 2001 12:14:58 +0200 (METDST)
Message-id: <[🔎] Pine.HPP.3.95.1010724121437.16809A-100000@elektron.its.tudelft.nl>
In-reply-to: <[🔎] 995949275.13346.20.camel@debian>

Thank you. I will try it.

Greetz,
Sebastiaan



--
  NT is the OS of the future. The main engine is the 16-bit Subsystem
  (also called MS-DOS Subsystem). Above that, there is the windoze 95/98
  16-bit Subsystem. Anyone can see that 16+16=32, so windoze NT is a 
  *real* 32-bit system.


On 24 Jul 2001, Patrick Cheong Shu Yang wrote:

> I have been running snort on Potato/Woody machines and have also some
> across similar problems. My solution:-
> 
> Removed the 5snort script and attached additional lines to logrotate to
> re-start snort once the logs have been rotated. I also made a script
> which will monitor the snort/swatch/qpage process every 5 minutes to
> ensure these are up. If not, it will attempt to start the process and
> mail the admins. If the second time round it can't re-start the process,
> it will page/mail the admin. We have an alternate paging service on a
> seperate box, which will page upon receipt of mail. The above solution
> is working for me...if you like, I can mail you the required scripts.
> 
> I am now working on some scripts which will check and download
> snort.org/max vision snort rules and then update these to our current
> rules periodically....it's a Work-In-Progress.
> 
> 
> Cheers,
> 
> Patrick
>  
> > Hello,
> > 
> > On Sun, 22 Jul 2001, Martin F. Krafft wrote:
> > 
> > > hey all,
> > > i looked in the debian bug system, and aside it being mentioned, i
> > > have not found an answer. /etc/cron.daily/5snort seems to kill snort
> > > when configured in start-at-boot mode. however, if i run the cron
> > > script manually, it restarts just fine. but after a day, snort will
> > > silently die on the system, which is definitely not what i want...
> > > it seems to do fine in dialup mode.
> > > 
> > I have noticed the same problem: sort dies sometimes. I hoped to intercept
> > this problem to check wether snort runs every hour (and restart if it
> > isn't), but I still get empty reports every now and then.
> > 
> > > any clues or fixes? this is on potato btw.
> > > 
> > Submit a bugreport. I am running potato with 2.4.6-pre3 on a PowerMac, but
> > still have the same problems. I have also a computer running woody and I
> > have only received empty reports. I do not know if this is still a bug or
> > if I simply have not had an attack or something.
> > 
> > Greetz,
> > Sebastiaan
> > 
> > 
> > -- 
> > To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> > with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> > 
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>

Reply to:

References:
- [Sebastiaan <S.Breedveld@ITS.TUDelft.NL>] Re: snort dies
  - From: Patrick Cheong Shu Yang <patrick.cheong@hitech.com.my>

Prev by Date: Re: Starting a GPL'ed Blackhole Service to Replace MAPS
Next by Date: Re: cvs permissions
Previous by thread: [Sebastiaan <S.Breedveld@ITS.TUDelft.NL>] Re: snort dies
Next by thread: [OT] Making images from CDs
Index(es):
- Date
- Thread