Is Snort using libpcap also? I'm not sure about multiple apps trying to put the interfaces in promiscuous mode and if they would all play together nicely. Maybe kill snort and see what happens? I think best practices would prefer your IDS on dedicated hardware anyway.
G -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tim Boyer Sent: Wednesday, December 19, 2007 8:02 PM To: [email protected] Subject: RE: [Ntop] RE: Ntop Digest, Vol 43, Issue 17 > Tim Boyer wrote: > > > On Dec 19, 2007 11:31 AM, Tim Boyer <[EMAIL PROTECTED]> wrote: > > > > > > > > > > When I had that problem, I stopped ntop, blew away all of the > > > > > RRD directories and all of the .db files except for > > > > > ntop_pw.db and prefsCache.db. > > > > > > > > > > Since then, it's been running fine - well over a month now. > > > > > > > > > > I suspect that the actual culprit was dnsCache.db, based on > > > > > previous conversations on this list, but can't confirm that. > > > > > > > > > > > > > > > Kurt > > > > > > > > Did all that. ntop didn't last a minute. > > > > > > Rebuild the box? Break out the debugger? > > > > Yeah, that's the next step. Except everything's working fine > > - except for > > ntop. I hate to rebuild just for that, much as I want ntop. > > What else are you running on the box? > > Kurt It's a RHEL5 system, acting as my internal router, so it's got four nics, and it's running snort, squid, and zenoss. -- tim -- _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop <font size="1"> <div style='border:none;border-bottom:double windowtext 2.25pt;padding:0in 0in 1.0pt 0in'> </div> "This email is intended to be reviewed by only the intended recipient and may contain information that is privileged and/or confidential. If you are not the intended recipient, you are hereby notified that any review, use, dissemination, disclosure or copying of this email and its attachments, if any, is strictly prohibited. If you have received this email in error, please immediately notify the sender by return email and delete this email from your system." </font> _______________________________________________ Ntop mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop
