I think I might start from scratch. Do you guys have any beta stuff to test. I can run it on my new box?
>>> [EMAIL PROTECTED] 2/5/2007 4:13:30 PM >>> I have never seen that before. Maybe snort was already running so it could not lock the file? On 2/5/07, Bill Roth <[EMAIL PROTECTED]> wrote: > ok, I put a new box together with enough memory for snort (the BTX issue > which was stupid to ask, so sorry), and here is a sample of my logs. I > am not sure what all of this means, but it doesn't look good. > > snort2c[864]: SIGTERM received - exiting > Feb 5 13:57:32 snort2c[864]: SIGTERM received - exiting > Feb 5 13:57:32 snort[851]: Daemon parent exiting > Feb 5 13:57:32 snort[851]: Daemon parent exiting > Feb 5 13:57:30 snort[851]: Child exited unexpectedly > Feb 5 13:57:30 snort[851]: Child exited unexpectedly > Feb 5 13:57:29 snort[866]: FATAL ERROR: Failed to Lock PID File > "/var/run//snort_fxp0.pid" for PID "866" > Feb 5 13:57:29 snort[866]: FATAL ERROR: Failed to Lock PID File > "/var/run//snort_fxp0.pid" for PID "866" > Feb 5 13:57:29 snort[866]: PID path stat checked out ok, PID path set > to /var/run/ > Feb 5 13:57:29 snort[866]: PID path stat checked out ok, PID path set > to /var/run/ > Feb 5 13:57:29 snort[866]: Var 'fxp0_ADDRESS' redefined > Feb 5 13:57:29 snort[866]: Var 'fxp0_ADDRESS' redefined > Feb 5 13:57:29 snort[851]: Initializing daemon mode > Feb 5 13:57:29 snort[851]: Initializing daemon mode > Feb 5 13:57:29 snort[851]: , value = 192.168.1.0/255.255.255.0 > Feb 5 13:57:29 snort[851]: , value = 192.168.1.0/255.255.255.0 > Feb 5 13:57:29 snort[851]: Var 'fxp0_ADDRESS' defined, value len = 25 > chars > Feb 5 13:57:29 snort[851]: Var 'fxp0_ADDRESS' defined, value len = 25 > chars > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'ms_sql_seen_dns' is > checked but not ever set. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'ms_sql_seen_dns' is > checked but not ever set. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'fkwp_conn_suc_cts' is > set but not ever checked. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'fkwp_conn_suc_cts' is > set but not ever checked. > Feb 5 13:57:29 snort[851]: Warning: flowbits key > 'backdoor.charon.download.log.1' is checked but not ever set. > Feb 5 13:57:29 snort[851]: Warning: flowbits key > 'backdoor.charon.download.log.1' is checked but not ever set. > Feb 5 13:57:29 snort[851]: Warning: flowbits key > 'optixlite_fai_conn_cts' is set but not ever checked. > Feb 5 13:57:29 snort[851]: Warning: flowbits key > 'optixlite_fai_conn_cts' is set but not ever checked. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'dce.bind.netware_cs' > is checked but not ever set. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'dce.bind.netware_cs' > is checked but not ever set. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'odf.file' is set but > not ever checked. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'odf.file' is set but > not ever checked. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'dce.bind.veritas' is > set but not ever checked. > Feb 5 13:57:29 snort[851]: Warning: flowbits key 'dce.bind.veritas' is > set but not ever checked. > > > > >>> [EMAIL PROTECTED] 2/5/2007 11:23 AM >>> > On 2/5/07, Bill Roth <[EMAIL PROTECTED]> wrote: > > is 512 enough? or should I move to a system that has 1 gig? > > I would follow what the release caveats page states. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
