
snort not running - restarted

I just got an email saying
"snort not running - restarted"

ASL is 5.202.

I'm glad it restarted quickly (looks like it was down for 15 seconds), but am concerned as to what caused it.

Thanks,
Barry

Code:
 
/var/log/ips.log:2005:05:18-13:30:25 (none) snort[16089]: spp_portscan: portscan status from xxx.xxx.48.66: 11 connections across 11 hosts: TCP(11), UDP(0)
/var/log/ips.log:2005:05:18-13:30:25 (none) snort[16089]: [119:12:1] (http_inspect) APACHE WHITESPACE (TAB)  {PROTO006} 207.105.34.102:4492 -> xxx.xxx.48.10:80
/var/log/ips.log:2005:05:18-13:30:26 (none) snort[16089]: [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY  {PROTO006} 66.255.108.3:3049 -> xxx.xxx.48.11:80
/var/log/ips.log:2005:05:18-13:30:26 (none) snort[16089]: [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY  {PROTO006} 64.167.179.165:3383 -> xxx.xxx.48.10:80
/var/log/ips.log:2005:05:18-13:30:27 (none) snort[16089]: spp_portscan: portscan status from xxx.xxx.48.66: 9 connections across 9 hosts: TCP(9), UDP(0)
/var/log/ips.log:2005:05:18-13:30:28 (none) snort[16089]: [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY  {PROTO006} 64.12.117.7:59214 -> xxx.xxx.48.11:80
/var/log/ips.log:2005:05:18-13:30:28 (none) snort[16089]: [119:15:1] (http_inspect) OVERSIZE REQUEST-URI DIRECTORY  {PROTO006} 64.12.117.7:59214 -> xxx.xxx.48.11:80
/var/log/ips.log:2005:05:18-13:30:29 (none) snort[16089]: spp_portscan: portscan status from xxx.xxx.48.66: 11 connections across 11 hosts: TCP(11), UDP(0)
/var/log/ips.log:2005:05:18-13:30:31 (none) snort[16089]: spp_portscan: portscan status from xxx.xxx.48.66: 12 connections across 12 hosts: TCP(12), UDP(0)
/var/log/ips.log:2005:05:18-13:30:46 (none) snort_inline: Initializing daemon mode

/var/log/selfmon.log:2005:05:18-13:30:36 (none) selfmonng[622]: check Failed increment snort_inline_running counter 1 - 3
/var/log/selfmon.log:2005:05:18-13:30:41 (none) selfmonng[622]: check Failed increment snort_inline_running counter 2 - 3
/var/log/selfmon.log:2005:05:18-13:30:46 (none) selfmonng[622]: check Failed increment snort_inline_running counter 3 - 3
/var/log/selfmon.log:2005:05:18-13:30:46 (none) selfmonng[622]: snort not running - restarted
/var/log/selfmon.log:2005:05:18-13:30:46 (none) selfmonng[622]: DEBUG: NOTIFYEVENT Name=snort_inline_running Level=INFO Id=115 sent
/var/log/selfmon.log:2005:05:18-13:30:46 (none) selfmonng[622]: actionCmd(+):  '/var/mdw/scripts/snort restart'
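
The two excerpts above can be lined up mechanically. The following is an added example, not part of the original post: it parses the timestamps, finds each selfmon restart, and reports the last message from the old snort process, the first failed check and the silent interval. The function names are assumptions, and the sample lines are abridged from the excerpt in the post.

```python
import re
from datetime import datetime

# Sample input: lines abridged from the log excerpt in the post above.
SAMPLE = """\
/var/log/ips.log:2005:05:18-13:30:29 (none) snort[16089]: spp_portscan: portscan status from xxx.xxx.48.66: 11 connections across 11 hosts: TCP(11), UDP(0)
/var/log/ips.log:2005:05:18-13:30:31 (none) snort[16089]: spp_portscan: portscan status from xxx.xxx.48.66: 12 connections across 12 hosts: TCP(12), UDP(0)
/var/log/ips.log:2005:05:18-13:30:46 (none) snort_inline: Initializing daemon mode
/var/log/selfmon.log:2005:05:18-13:30:36 (none) selfmonng[622]: check Failed increment snort_inline_running counter 1 - 3
/var/log/selfmon.log:2005:05:18-13:30:41 (none) selfmonng[622]: check Failed increment snort_inline_running counter 2 - 3
/var/log/selfmon.log:2005:05:18-13:30:46 (none) selfmonng[622]: check Failed increment snort_inline_running counter 3 - 3
/var/log/selfmon.log:2005:05:18-13:30:46 (none) selfmonng[622]: snort not running - restarted
"""

# <file>:<YYYY:MM:DD-HH:MM:SS> <host> <proc>[<pid>]: <message>
LINE = re.compile(
    r"^(?P<file>/[^:]+):(?P<ts>\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) \S+ "
    r"(?P<proc>[\w-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

def parse(text):
    """Return (timestamp, process, pid, message) tuples sorted by time."""
    events = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y:%m:%d-%H:%M:%S")
            events.append((ts, m["proc"], m["pid"], m["msg"]))
    return sorted(events, key=lambda e: e[0])

def restart_windows(events):
    """For each selfmon restart, describe the gap since snort last logged."""
    windows = []
    for ts, proc, _pid, msg in events:
        if proc != "selfmonng" or "not running - restarted" not in msg:
            continue
        prior = [e for e in events if e[1] == "snort" and e[0] < ts]
        if not prior:
            continue  # no message from the old process in this excerpt
        last = prior[-1]
        fails = [e[0] for e in events if e[1] == "selfmonng"
                 and "check Failed" in e[3] and last[0] < e[0] <= ts]
        windows.append({"pid": last[2], "last_seen": last[0],
                        "first_failed_check": min(fails) if fails else None,
                        "restarted": ts,
                        "silent_seconds": int((ts - last[0]).total_seconds())})
    return windows

if __name__ == "__main__":
    for w in restart_windows(parse(SAMPLE)):
        print(w)
```

The messages to inspect for a cause are the ones logged by the reported PID just before `last_seen`, plus any kernel or system log entries inside the silent interval.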


