Snort mailing list archives
Re: core dump
From: Matt Kettler <mkettler () evi-inc com>
Date: Thu, 21 Nov 2002 14:20:16 -0500
Well, I personally have not seen that problem before, but I can take some guesses as to what's going awry and give you some tips to try to make things work better.
From the output it is apparent that your snort is segfaulting while setting up rule chains. This could be a result of not handling bad input very well. Check your snort.conf for errors and logic bombs. Things like absurd netmasks, recursive, etc. If you've added any custom rules, take them out for the time being and try to run with only the packaged ruleset. It's easy to make a custom rule that has errors in it that make snort blow up on start. Basically try for a setup that's as close to the default snort.conf as possible, and see if that works correctly.
You might get some useful information out of strace, but if it parses the rules files prior to building the memory structures you might not be able to tell what rule subset it is working on. Worth a shot anyway.
At 08:10 PM 11/20/2002 -0700, Nathaniel Fisher wrote:
Well I have almost given up. I'm running OpenBSD 3.1 with the snort package available from the OpenBSD ftp site. OK, well, when I try and run it in daemon mode it dies quietly, I think. I run top and do not see it listed. So when I try and use snort to capture traffic it fails, outputting this message.

$ sudo snort -c /etc/snort/snort.conf -l /var/log/snort/
Log directory = /var/log/snort/
Initializing Network Interface tl0
--== Initializing Snort ==--
Decoding Ethernet on interface tl0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort/snort.conf
+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Memory fault (core dumped)

What the hell is going on? Has anyone seen this before?
thanks
nate
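
An added example, not part of the thread and not Snort's own code: a small Python pre-check for the kind of config errors suggested above (absurd netmasks, broken custom rule includes), reporting file and line so the offending rule file can be pulled out before starting snort. It assumes the `var` / `include` syntax of the packaged snort.conf and that relative includes resolve against the including file's directory; the sample config is constructed.

```python
import ipaddress, os, re, sys, tempfile

CIDR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})/([^\s,\]]+)")
VAR = re.compile(r"^var\s+(\S+)\s+(\S+)")
INCLUDE = re.compile(r"^include\s+(\S+)")

def lint(path, seen=None, variables=None):
    """Return (file, line, problem) tuples for a snort.conf and its includes."""
    seen = set() if seen is None else seen
    variables = {} if variables is None else variables
    seen.add(os.path.realpath(path))
    findings = []
    with open(path, errors="replace") as fh:
        for no, raw in enumerate(fh, 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue
            var = VAR.match(line)
            if var:
                variables[var.group(1)] = var.group(2)
            # Addresses live in var values and rule headers, i.e. before any "(".
            for addr, mask in CIDR.findall(line.split("(", 1)[0]):
                try:
                    ipaddress.ip_network(f"{addr}/{mask}", strict=False)
                except ValueError:
                    findings.append((path, no, f"bad address or netmask {addr}/{mask}"))
            inc = INCLUDE.match(line)
            if inc:
                name = re.sub(r"\$(\w+)", lambda m: variables.get(m.group(1), m.group(0)), inc.group(1))
                target = os.path.join(os.path.dirname(path), name)  # assumption: relative to this file
                if not os.path.isfile(target) or os.path.realpath(target) in seen:
                    findings.append((path, no, f"include missing or repeated: {inc.group(1)}"))
                else:
                    findings += lint(target, seen, variables)
    return findings

# Constructed sample, not from the thread: one custom rule file with a /33 netmask.
SAMPLE = {"snort.conf": "var HOME_NET 10.1.1.0/24\nvar RULE_PATH ./\n"
                        "include $RULE_PATH/local.rules\ninclude missing.rules\n",
          "local.rules": 'alert tcp any any -> 192.168.1.0/33 80 (msg:"custom";)\n'}

def run_sample():
    with tempfile.TemporaryDirectory() as d:
        for name, text in SAMPLE.items():
            with open(os.path.join(d, name), "w") as fh:
                fh.write(text)
        return [(os.path.basename(f), n, p) for f, n, p in lint(os.path.join(d, "snort.conf"))]

if __name__ == "__main__":
    found = lint(sys.argv[1]) if len(sys.argv) > 1 else run_sample()
    print("\n".join(f"{f}:{n}: {p}" for f, n, p in found))
```

Run it with the path to snort.conf as the only argument; with no argument it checks the constructed sample.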