From: James A. P. <ja...@pc...> - 2004-01-21 16:34:55
Matthias Haas wrote:
| Hello,
| I am currently trying to run the snort_inline on one of our systems. The
| problem is that the whole system "hangs" after about one day.
| I have about 50 drop rules loaded to test the system.
| <snip>
| - my iptables rules used to feed the queue module
| iptables -t mangle -A PREROUTING -i eth1 -j QUEUE
| iptables -t mangle -A POSTROUTING -o eth1 -j QUEUE

Shouldn't you also do stateful matching and push those through the QUEUE?
That's what I've had to do to get all packets analysed.

|
| Is there anything wrong with my setup or does anyone have similar problems.
|

I've had similar issues where logrotation doesn't properly restart snort-inline
and so traffic doesn't flow, but the box doesn't hang tight. Of course the
client doesn't check snort-inline and just reboots the box, but running monit
and monitoring snort-inline has caught this condition and rectified it, as long
as monit is able to start on startup (something with the bridge not being all
the way up and dns not resolving, had to put a sleep 30 in :( ).

-- 
James A. Pattie
ja...@pc...
Linux SysAdmin / Systems Programmer
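The two suggestions in the reply above, queueing with conntrack state matching and supervising snort_inline with monit, as an added shell example that is not code from either poster. It keeps the original two mangle rules and adds state-matched rules in the filter FORWARD chain so that packets of already-tracked connections are also handed to the QUEUE target; dropping INVALID packets, the pidfile path, and the start-wrapper path are assumptions made for this example. The script prints the rules by default (IPTABLES=echo) and only applies them when IPTABLES is pointed at the real binary and run as root. The QUEUE target needs the ip_queue module loaded, and on a bridging 2.4 kernel iptables only sees bridged frames with the bridge-nf patch applied.

```shell
#!/bin/sh
# Added example (not from the thread): hand an interface's traffic to the
# ip_queue/QUEUE target with explicit conntrack state matching, plus a monit
# stanza to supervise snort_inline. Dry run by default: IPTABLES=echo prints
# the rules; set IPTABLES=/sbin/iptables (as root) to apply them.
IPTABLES="${IPTABLES:-echo}"

# Queue every packet seen on $1 and, in addition, every packet that conntrack
# attributes to a known connection, so no direction of a flow bypasses the
# queue. Packets conntrack cannot classify are dropped rather than queued
# (an assumed policy for this example, not something the thread states).
queue_rules() {
    iface="$1"
    # The two rules from the original post.
    "$IPTABLES" -t mangle -A PREROUTING -i "$iface" -j QUEUE
    "$IPTABLES" -t mangle -A POSTROUTING -o "$iface" -j QUEUE
    # State-matched rules in the filter FORWARD chain.
    "$IPTABLES" -A FORWARD -i "$iface" -m state --state NEW -j QUEUE
    "$IPTABLES" -A FORWARD -o "$iface" -m state --state NEW -j QUEUE
    "$IPTABLES" -A FORWARD -m state --state ESTABLISHED,RELATED -j QUEUE
    "$IPTABLES" -A FORWARD -m state --state INVALID -j DROP
}

# Number of rules that hand packets to the queue, for a quick sanity check
# of the generated rule set.
count_queue_rules() {
    queue_rules "$1" | grep -c -- '-j QUEUE'
}

# monit stanza: restart snort_inline when the process behind its pidfile
# disappears (e.g. after a failed logrotate restart). The pidfile and
# wrapper-script paths are assumptions for this example.
monit_stanza() {
    cat <<'EOF'
check process snort_inline with pidfile /var/run/snort_inline_eth1.pid
  start program = "/usr/local/sbin/snort_inline-start"
  stop program  = "/etc/init.d/snort_inline stop"
EOF
}

# Wrapper used as monit's start program: wait for the bridge and resolver
# to come up (the thread's "sleep 30") before starting the daemon.
start_wrapper() {
    cat <<'EOF'
#!/bin/sh
sleep 30
exec /etc/init.d/snort_inline start
EOF
}

# Interface defaults to eth1 as in the original post.
queue_rules "${1:-eth1}"
```

Run it as-is to review the rule set, then `IPTABLES=/sbin/iptables sh queue.sh eth1` to install it; `monit_stanza` and `start_wrapper` print the monit stanza and the wrapper script to drop into /etc/monitrc and the assumed wrapper path.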