Snort mailing list archives
RE: +AFs-Snort-users+AF0- snort 1.8.1 dies
From: "Robert D. Hughes" <rob () robhughes com>
Date: Wed, 31 Oct 2001 08:02:30 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Try launching snort as snort -i eth1 -c /rules/snort.conf -T to put snort in diagnostics mode. - -----Original Message----- From: Philipp Snizek [mailto:mailinglists () belfin ch] Sent: Wednesday, October 31, 2001 4:33 AM To: 'Martin Roesch' Cc: snort-users () lists sourceforge net Subject: AW: [Snort-users] snort 1.8.1 dies
-----Ursprungliche Nachricht----- Von: roesch () mail sourcefire com [mailto:roesch () mail sourcefire com]Im Auftrag von Martin Roesch Gesendet: Samstag, 27. Oktober 2001 00:18 An: Philipp Snizek Cc: snort-users () lists sourceforge net Betreff: Re: [Snort-users] snort 1.8.1 dies We need more information. Command line switches, any error messages that Snort is generating, etc. If you're running in daemon mode, try running in normal mode and see if it gives you an error message or a core file, and if it does back trace it for us. Check the BUGS file for more info on what we're looking for. -Marty
I'm not a programmer yet. Please be patient with me. When running in normal mode: Fault is: "Segmentation Fault" it doesn't say anything more. I couldn't do gdb snort snort.core because I realized too late that it isn't installed on the system (when I got back into my own office and logged in via ssh). As soon as available I'll send you the information. switches are (if I correctly interprete what you mean) snort -i eth1 -c /rules/snort.conf if running in normal mode, plus "-D" if running in deamon mode. If running in deamon mode, the only "error" message I get is device eth1 left promiscuous mode in /var/log/messages System information: P133/48mb ram, Compaq Deskpro 586 Suse Linux 7.2 running kernel 2.4.4 /rules/snort.conf please see below - -- Philipp
Philipp Snizek wrote:Hi all, I've installed snort 1.8.1 on a p133 with 48mb ram, linuxkernel 2.4.4.The only log entries I've got are Oct 25 12:36:39 mx kernel: device eth1 left promiscuous mode Oct 26 18:12:44 mx kernel: device eth1 left promiscuous mode and then snort dies. Config is the following: var HOME_NET ip.address.of.host/32 var EXTERNAL_NET network.address/subnetmask var SMTP ip.address.of.host/32 var HTTP_SERVERS $HOME_NET var DNS_SERVERS ip.address.of.host/32 include bad-traffic.rules include exploit.rules include scan.rules #include finger.rules #include ftp.rules #include telnet.rules include smtp.rules include rpc.rules include rservices.rules include dos.rules include ddos.rules include dns.rules #include tftp.rules include web-cgi.rules include web-coldfusion.rules include web-frontpage.rules include web-iis.rules include web-misc.rules #include sql.rules #include x11.rules include icmp.rules #include netbios.rules include misc.rules include attack-responses.rules # include backdoor.rules # include shellcode.rules # include policy.rules # include info.rules # include icmp-info.rules # include virus.rules include local.rules I've never experienced this problem before with previoussnort version on other systems although Ihad a similar amount of rules running. I'm grateful for every tip to solve this problem. Philipp _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users-- Martin Roesch - President, Sourcefire Inc. - (410)552-6999 roesch () sourcefire com - http://www.sourcefire.com Snort: Open Source Network IDS - http://www.snort.org
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users -----BEGIN PGP SIGNATURE----- Version: PGP 7.0.4 iQA/AwUBO+AEdua2P6TrxG1EEQLM4QCg+J6ddaC4yZGSwx9f99niHvKkF8IAmwQG Nt1gb9w66yoWnDJf1VH7rXPI =F0Lt -----END PGP SIGNATURE-----
Attachment:
PGPexch.htm.asc
Description: PGPexch.htm.asc
Current thread:
- RE: +AFs-Snort-users+AF0- snort 1.8.1 dies Robert D. Hughes (Oct 31)