[Snort-devel] snort failes on ppp0

Hugo van der Kooij hvdkooij at ...372...
Mon Apr 9 15:02:01 EDT 2001


On Tue, 10 Apr 2001, Fyodor wrote:

> On Mon, Apr 09, 2001 at 08:39:16PM +0200, Hugo van der Kooij wrote:
> >
> > I tried to get snort v1.7 working but I failed. Installation was from
> > Source RPM on my SPARCclassic.
> > Kernel 2.2.17 (based on Red Hat Linux 6.2)
> > Rules set was taken from the site.
> > command line switches as defined in the INIT script (from RPM):
> > 	snort -u snort -g snort -s -d -D -v \
> > 	-i ppp0 -l /var/log/snort -c /etc/snort/snort.conf
> >
> > No logging recorded besides a noticed that ppp0 went promiscious for a
> > second or so and no sign of the snort process is to be found afterwards.
>
> Remove '-D' switch and try again. Then you should be able to see what snort
> doesn't like here :)

        --== Initializing Snort ==--

Initializing Network Interface ppp0
Kernel filter, protocol ALL, raw packet socket
Decoding raw data on interface ppp0
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
Segmentation fault (core dumped)

How do I do forensics on that dump???

Hugo.

-- 
Alle email aan mij verzonden is gebonden aan de regels beschreven op
mijn homepage.
All email send to me is bound to the rules described on my homepage.

    Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
    hvdkooij at ...372...		http://hvdkooij.xs4all.nl/

	    Don't meddle in the affairs of sysadmins,
	    for they are subtle and quick to anger.





More information about the Snort-devel mailing list