Project

General

Profile

Actions
Copy link

Bug #73

closed

Daemon mode generates more info than non-daemon mode on CentOS.

Added by Will Metcalf over 14 years ago. Updated about 14 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Jason Ish
Target version:
0.8.1
Affected Versions:
Effort:
Difficulty:
Label:

Description

On CentOS 5 running the engine with -D actually prints all Info and Error messages to the console. Additionally it prints it to every open console which results in more info actually being printed to the screen in Daemon mode than in non-Daemon mode. Actually quite hard to kill the engine on a busy network under these conditions.

Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2471) <Info> (SigAddressPrepareStage3) -- MPM memory 577442574 (dynamic 577350366, ctxs 92208, avg per ctx 303230)
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2473) <Info> (SigAddressPrepareStage3) -- max sig id 8143, array size 1018
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2474) <Info> (SigAddressPrepareStage3) -- signature group heads: unique 2948, copies 20750.
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2476) <Info> (SigAddressPrepareStage3) -- MPM instances: 1904 unique, copies 1044 (none 0).
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2478) <Info> (SigAddressPrepareStage3) -- MPM (URI) instances: 17 unique, copies 2931 (none 0).
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2479) <Info> (SigAddressPrepareStage3) -- MPM max patcnt 4824, avg 1333
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2481) <Info> (SigAddressPrepareStage3) -- MPM (URI) max patcnt 4186, avg 20517 (348790/17)
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2482) <Info> (SigAddressPrepareStage3) -- port maxgroups: 81, avg 45, tot 11105
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (detect.c:2483) <Info> (SigAddressPrepareStage3) -- building signature grouping structure, stage 3: building destination address lists... done
Message from syslogd@ at Tue Jan 26 16:59:27 2010 ...
WIDS suricata: [17941] 26/1/2010 -- 16:59:27 - (alert-fastlog.c:231) <Info> (AlertFastLogInitCtx) -- Fast log output registered, filename: fast.log

Files

Download all files
0001-Making-logging-configurable.-If-no-logging-outputs-a.patch (9.44 KB) 0001-Making-logging-configurable.-If-no-logging-outputs-a.patch Jason Ish, 02/03/2010 05:45 PM
0002-I-know-Snort-defaults-to-syslog-in-daemon-mode-but-s.patch (1.21 KB) 0002-I-know-Snort-defaults-to-syslog-in-daemon-mode-but-s.patch Jason Ish, 02/03/2010 05:45 PM
Actions
Copy link

Also available in: Atom PDF