Re: Snort Segfaulting

["Will Metcalf" <william.metcalf () gmail com>]

Ummm yeah could you send me the coredump as well since it appears that
you are running snort_inline.  I'm guessing it might be kind of big so
if you could send it to me off list I would appreciate it.......

Regards,

Will

On 8/7/06, Martin Roesch <roesch () sourcefire com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Can you run a gdb backtrace so we can get a look at what's going on?
> Check out the BUGS file for explicit info on getting a backtrace.
>
>       -Marty
>
> On Aug 7, 2006, at 2:52 PM, Eric Hines wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > All,
> >
> > I am running in to a problem here on a Snort sensor that seems to be
> > segfaulting. For some reason this only happens with Snort 3.4. When
> > Snort 3.3 is used, the problem does not occur. I've tried (2)
> > different
> > Linux distros at this point, both SuSE 9 and CentOS 4 -- the problem
> > occurs on both.
> >
> > Snort does not log any crash details or information to the snort_log.
> >
> > Has anyone run in to this? Does anyone know what the problem may be
> > attributed to?
> >
> >
> > [root@localhost bin]# /aw/sbin/snort2.4 -i eth0 -c
> > /usr/local/appliedwatch/agent/inst/agent.aWGz2T/data/snort/conf/
> > snort.co
> > nf -l /usr/local/appliedwatch/agent/inst/agent.aWGz2T/var/snort/log
> >
> >
> >         --== Initialization Complete ==--
> >
> >    ,,_     -*> Snort_Inline! <*-
> >   o"  )~   Version 2.4.5 (Build 29)
> >    ''''    By Martin Roesch & The Snort Team:
> > http://www.snort.org/team.html
> >            (C) Copyright 1998-2005 Sourcefire Inc., et al.
> >            Snort_Inline Mod by William Metcalf, Victor Julien, Nick
> > Rogness,
> >            Dave Remien, Rob McMillen and Jed Haile
> >  NOTE: Snort's default output has changed in version 2.4.1!
> >        The default logging mode is now PCAP, use "-K ascii" to
> > activate
> >        the old default logging mode.
> >
> > Segmentation fault
> >
> >
> >
> >
> > - --
> >
> > Best Regards,
> >
> > Eric S. Hines, GCIA, CISSP
> > CEO, President, Chairman
> > Applied Watch Technologies, LLC
> >
> >
> > - --------------------------------------------------
> >
> > Eric S. Hines, GCIA, CISSP
> > CEO, President, Chairman
> > Applied Watch Technologies, LLC
> >
> > - --------------------------------------------------
> >
> > Email:   eric.hines () appliedwatch com
> > Address: 1095 Pingree Road
> >          Suite 213
> >          Crystal Lake, IL
> >          60014
> > Tel:     (877) 262-7593 ext:327
> > Local:   (847) 854-5831
> > Fax:     (847) 854-5106
> > Web:     http://www.appliedwatch.com
> >
> > - --------------------------------------------------
> > Security Management for the Open Source Enterprise
> >
> >
> >
> > -----BEGIN PGP SIGNATURE-----
> > Version: GnuPG v1.4.4 (MingW32)
> > Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
> >
> > iD8DBQFE14wE1va6QYTV0EMRAuD0AJ4vSEYBUbO/fY3lvf2SEAXg/NmOvgCfYHoa
> > VrQ/Mj3C/Q7bdwW5IwX8LU0=
> > =//QM
> > -----END PGP SIGNATURE-----
> > <eric.hines.vcf>
> > ----------------------------------------------------------------------
> > ---
> > Using Tomcat but need to do more? Need to support web services,
> > security?
> > Get stuff done quickly with pre-integrated technology to make your
> > job easier
> > Download IBM WebSphere Application Server v.1.0.1 based on Apache
> > Geronimo
> > http://sel.as-us.falkag.net/sel?
> > cmd=lnk&kid=120709&bid=263057&dat=121642______________________________
> > _________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> - --
> Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
> Sourcefire - Security for the Real World - http://www.sourcefire.com
> Snort: Open Source IDP - http://www.snort.org
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
>
> iD8DBQFE16mLqj0FAQQ3KOARApV2AJ44h6QXE+eaqUVgi5bs66Ly16aEcwCfTKlV
> q/qagBA2Xt29cHGKe6KOQJo=
> =AZ+t
> -----END PGP SIGNATURE-----
>
> -------------------------------------------------------------------------
> Using Tomcat but need to do more? Need to support web services, security?
> Get stuff done quickly with pre-integrated technology to make your job easier
> Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
> http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users