Snort mailing list archives
Re: Snort Segfaulting
From: "Will Metcalf" <william.metcalf () gmail com>
Date: Mon, 7 Aug 2006 16:21:00 -0500
Ummm yeah could you send me the coredump as well since it appears that you are running snort_inline. I'm guessing it might be kind of big so if you could send it to me off list I would appreciate it....... Regards, Will On 8/7/06, Martin Roesch <roesch () sourcefire com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can you run a gdb backtrace so we can get a look at what's going on? Check out the BUGS file for explicit info on getting a backtrace. -Marty On Aug 7, 2006, at 2:52 PM, Eric Hines wrote:-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 All, I am running in to a problem here on a Snort sensor that seems to be segfaulting. For some reason this only happens with Snort 3.4. When Snort 3.3 is used, the problem does not occur. I've tried (2) different Linux distros at this point, both SuSE 9 and CentOS 4 -- the problem occurs on both. Snort does not log any crash details or information to the snort_log. Has anyone run in to this? Does anyone know what the problem may be attributed to? [root@localhost bin]# /aw/sbin/snort2.4 -i eth0 -c /usr/local/appliedwatch/agent/inst/agent.aWGz2T/data/snort/conf/ snort.co nf -l /usr/local/appliedwatch/agent/inst/agent.aWGz2T/var/snort/log --== Initialization Complete ==-- ,,_ -*> Snort_Inline! <*- o" )~ Version 2.4.5 (Build 29) '''' By Martin Roesch & The Snort Team: http://www.snort.org/team.html (C) Copyright 1998-2005 Sourcefire Inc., et al. Snort_Inline Mod by William Metcalf, Victor Julien, Nick Rogness, Dave Remien, Rob McMillen and Jed Haile NOTE: Snort's default output has changed in version 2.4.1! The default logging mode is now PCAP, use "-K ascii" to activate the old default logging mode. Segmentation fault - -- Best Regards, Eric S. Hines, GCIA, CISSP CEO, President, Chairman Applied Watch Technologies, LLC - -------------------------------------------------- Eric S. Hines, GCIA, CISSP CEO, President, Chairman Applied Watch Technologies, LLC - -------------------------------------------------- Email: eric.hines () appliedwatch com Address: 1095 Pingree Road Suite 213 Crystal Lake, IL 60014 Tel: (877) 262-7593 ext:327 Local: (847) 854-5831 Fax: (847) 854-5106 Web: http://www.appliedwatch.com - -------------------------------------------------- Security Management for the Open Source Enterprise -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.4 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFE14wE1va6QYTV0EMRAuD0AJ4vSEYBUbO/fY3lvf2SEAXg/NmOvgCfYHoa VrQ/Mj3C/Q7bdwW5IwX8LU0= =//QM -----END PGP SIGNATURE----- <eric.hines.vcf> ---------------------------------------------------------------------- --- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel? cmd=lnk&kid=120709&bid=263057&dat=121642______________________________ _________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users- -- Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616 Sourcefire - Security for the Real World - http://www.sourcefire.com Snort: Open Source IDP - http://www.snort.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (Darwin) iD8DBQFE16mLqj0FAQQ3KOARApV2AJ44h6QXE+eaqUVgi5bs66Ly16aEcwCfTKlV q/qagBA2Xt29cHGKe6KOQJo= =AZ+t -----END PGP SIGNATURE----- ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort Segfaulting Eric Hines (Aug 07)
- Re: Snort Segfaulting Eric Hines (Aug 07)
- Re: Snort Segfaulting Martin Roesch (Aug 07)
- Re: Snort Segfaulting Will Metcalf (Aug 07)
- Re: Snort Segfaulting Nerijus Krukauskas (Aug 18)