Subject: Re: snort daemon starts up and dies
To: Jeffrey B. Green <jbgreen@frontiernet.net>
From: Curt Sampson <cjs@cynic.net>
List: tech-security
Date: 03/20/2005 12:28:30

On Sat, 19 Mar 2005, Jeffrey B. Green wrote:

> Wow! What a tool.

Yeah!

It's good when it works for you, anyway.

> However, as a tiny update, I did run ktrace, and in the process the
> whole thing aborted with a core dump (no daemon mode). With -D option
> given to snort, the tail of the ktrace dump says that it is going into
> daemon mode and shortly after exits with a 0 exit code.

That means you didn't work out the right way to get it to follow the
child process or processes.

> Finally, it does a call to a break with an error return "-1 errno 12
> Cannot allocate memory" and immediate call to mmap with same return.

Looks like it wants more memory. Hmmm. Not sure why, but you could
always try giving it more with 'ulimit -d'. But probably it will just
eat that, too.

cjs
-- 
Curt Sampson  <cjs@cynic.net>   +81 90 7737 2974   http://www.NetBSD.org
      Make up enjoying your city life...produced by BIC CAMERA