I have been running snort on Potato/Woody machines and have also some across similar problems. My solution:-
Removed the 5snort script and attached additional lines to logrotate to re-start snort once the logs have been rotated. I also made a script which will monitor the snort/swatch/qpage process every 5 minutes to ensure these are up. If not, it will attempt to start the process and mail the admins. If the second time round it can't re-start the process, it will page/mail the admin. We have an alternate paging service on a seperate box, which will page upon receipt of mail. The above solution is working for me...if you like, I can mail you the required scripts. I am now working on some scripts which will check and download snort.org/max vision snort rules and then update these to our current rules periodically....it's a Work-In-Progress. Cheers, Patrick > Hello, > > On Sun, 22 Jul 2001, Martin F. Krafft wrote: > > > hey all, > > i looked in the debian bug system, and aside it being mentioned, i > > have not found an answer. /etc/cron.daily/5snort seems to kill snort > > when configured in start-at-boot mode. however, if i run the cron > > script manually, it restarts just fine. but after a day, snort will > > silently die on the system, which is definitely not what i want... > > it seems to do fine in dialup mode. > > > I have noticed the same problem: sort dies sometimes. I hoped to intercept > this problem to check wether snort runs every hour (and restart if it > isn't), but I still get empty reports every now and then. > > > any clues or fixes? this is on potato btw. > > > Submit a bugreport. I am running potato with 2.4.6-pre3 on a PowerMac, but > still have the same problems. I have also a computer running woody and I > have only received empty reports. I do not know if this is still a bug or > if I simply have not had an attack or something. > > Greetz, > Sebastiaan > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
