Re: segfault - how to troubleshoot

[Doug Burks <doug.burks () gmail com>]

It happened at 7:01, which is the time of our daily cronjob in
Security Onion to run PulledPork and restart Snort.  I'll look into
it.

Thanks,
Doug

On Tue, Jan 31, 2012 at 1:16 PM, Russ Combs <rcombs () sourcefire com> wrote:
> On Tue, Jan 31, 2012 at 12:53 PM, Mark W. Jeanmougin
> <mark.jeanmougin () cchmc org> wrote:
> > On 01/31/2012 11:56 AM, Joe S wrote:
> > > Any recommendation on how to troubleshoot? Snort was running for 22
> > > hours.
> >
> > Was a core dump generated?
> >
> > To see if core dumps are enabled, run "ulimit -a". The top line is for
> > "core file size". If it is set to zero, then you won't get one.
> >
> > Running "ulimit -c unlimited" before you start snort will enable them.
>
>
> Also, the core will be more informative if you can build with ./configure
> --enable-debug.  If you use gcc, that will still produced optimized code so
> the performance hit shouldn't be too much.
>
> What happened 22 hours ago?  Did you reconfigure or load new rules?  Any new
> so rules?
> > MJ
> >
> >
> >
> > ------------------------------------------------------------------------------
> > Keep Your Developer Skills Current with LearnDevNow!
> > The most comprehensive online learning library for Microsoft developers
> > is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> > Metro Style Apps, more. Free future releases when you subscribe now!
> > http://p.sf.net/sfu/learndevnow-d2d
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users () lists sourceforge net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> > Please visit http://blog.snort.org to stay current on all the latest Snort
> > news!
>
>
>
> ------------------------------------------------------------------------------
> Keep Your Developer Skills Current with LearnDevNow!
> The most comprehensive online learning library for Microsoft developers
> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
> Metro Style Apps, more. Free future releases when you subscribe now!
> http://p.sf.net/sfu/learndevnow-d2d
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort
> news!



-- 
Doug Burks
SANS GSE and Community Instructor
Security Onion | http://securityonion.blogspot.com
President, Greater Augusta ISSA | http://augusta.issa.org
Please vote for Security Onion for 2011 Toolsmith Tool of the Year! |
http://goo.gl/PwTDi

------------------------------------------------------------------------------
Keep Your Developer Skills Current with LearnDevNow!
The most comprehensive online learning library for Microsoft developers
is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3,
Metro Style Apps, more. Free future releases when you subscribe now!
http://p.sf.net/sfu/learndevnow-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!