Snort mailing list archives
Re: Segfault on fun funy rule
From: Erek Adams <erek () snort org>
Date: Thu, 26 Feb 2004 01:13:38 -0500 (EST)
[...comments inline...] On Wed, 25 Feb 2004, Jason Monroe "JC" wrote:
Downloaded 2.1.1 built it against Fedora Core 1 pcre 4.4 libpcap-0.7.2-7.1
[...snip...]
Have rule in local.rules that causes breakage alert tcp any any -> any any (msg:"Telnet login as root";content:"root";nocase;flow:to_server:established;) I mistakenly typed a ":" instead of "," between the flow statement When I correct the rule snort is able to init correctly :) (the glass is half full)
Good. :) Don't type that. :) Your problem below isn't the same--It's different.
I looked at the FAQ said DO GDB so here it is [root@Fedora1 root]# gdb snort GNU gdb Red Hat Linux (5.3.90-0.20030710.41rh)
[...snip...]
(gdb) run snort -T -v -c /etc/snort/snort.conf Starting program: /opt/snort/bin/snort snort -T -v -c /etc/snort/snort.conf Running in IDS mode Log directory = /var/log/snort Initializing Network Interface eth0 ERROR: OpenPcap() FSM compilation failed: syntax error PCAP command: snort Fatal Error, Quitting.. Program exited with code 01. (gdb) where No stack. (gdb) bt No stack.
Makes perfect sense. :) Instead of "run snort ...." try just "run <options>" without the word 'snort'. Libpcap is seeing that and trying to interpret it as a BPF style filter, hence the syntax error with OpenPcap. Cheers! ----- Erek Adams "It looks just like a Telefunken U-47. You'll love it..." -- Frank Zappa ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Segfault on fun funy rule Jason Monroe "JC" (Feb 25)
- Re: Segfault on fun funy rule Erek Adams (Feb 25)
- Re: Segfault on fun funy rule Jason Monroe "JC" (Feb 26)
- Re: Segfault on fun funy rule Erek Adams (Feb 25)