[Snort-devel] Re: [Snort-users] Snort 1.8p1 on Solaris 8

Paul Asadoorian paul.com at ...243...
Thu Jul 12 11:20:16 EDT 2001


Here ya go:


bash-2.03# gdb ../bin/snort ../rules/core
Running /usr/local/bin/gdb-sun4u-5.8 ../bin/snort ../rules/core
GNU gdb 5.0
Copyright 2000 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain 
conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "sparc-sun-solaris2.8"...
Core was generated by `../bin/snort -d -c snort.conf -l ../log'.
Program terminated with signal 6, Abort.
Reading symbols from /usr/lib/libm.so.1...done.
Loaded symbols for /usr/lib/libm.so.1
Reading symbols from /usr/lib/libsocket.so.1...done.
Loaded symbols for /usr/lib/libsocket.so.1
Reading symbols from /usr/lib/libnsl.so.1...done.
Loaded symbols for /usr/lib/libnsl.so.1
Reading symbols from /usr/lib/libc.so.1...done.
Loaded symbols for /usr/lib/libc.so.1
Reading symbols from /usr/lib/libdl.so.1...done.
Loaded symbols for /usr/lib/libdl.so.1
Reading symbols from /usr/lib/libmp.so.2...done.
Loaded symbols for /usr/lib/libmp.so.2
Reading symbols from /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1...done.
Loaded symbols for /usr/platform/SUNW,Ultra-5_10/lib/libc_psr.so.1
Reading symbols from /usr/lib/nss_files.so.1...done.
Loaded symbols for /usr/lib/nss_files.so.1
#0  0xff21a034 in _libc_kill () from /usr/lib/libc.so.1
(gdb) bt
#0  0xff21a034 in _libc_kill () from /usr/lib/libc.so.1
#1  0xff1b512c in abort () from /usr/lib/libc.so.1
#2  0xe4c1c in Letext ()
#3  0x3a97c in Preprocess (p=0xffbef658) at rules.c:3426
#4  0x2e78c in ProcessPacket (user=0x0, pkthdr=0x165400, pkt=0x16c482 "")
     at snort.c:512
#5  0x62508 in pcap_read ()
#6  0x6313c in pcap_loop ()
#7  0x2fe30 in InterfaceThread (arg=0x165748) at snort.c:1441
#8  0x2e628 in main (argc=1464136, argv=0xffbefd54) at snort.c:445
(gdb)

Bill Marquette wrote:

> 
> Paul, assuming you have gdb on the same system as snort, please do:
> 
> gdb /path/to/snort /path/to/core
> 
> type "bt" (minus quotes) at the "(gdb)" prompt and email the results back to
> snort-devel at lists.sourceforge.net (or snort-users, although snort-devel
> certainly seems to be a more correct place :)).
> 
> This is the best way to get debugging information back to the developers.
> 
> --Bill
> 
> 
> Paul Asadoorian <paul.com at ...243...> wrote on 07/12/2001 09:36 AM:
>
>   To:        snort-users <snort-users at lists.sourceforge.net>
>   Subject:   [Snort-users] Snort 1.8p1 on Solaris 8
>
> I am running the above and after a couple of minutes I got the following
> error:
> 
> rules.c:3426: failed assertion `idx->func != NULL'
> 
> [1]+  Abort                   (core dumped) ../bin/snort -d -c
> snort.conf -l ../log  (wd: /opt/local/snort/rules)
> (wd now: /opt/local/snort/log)
> 
> 
> I can't attach the core dump because it is too big for my email server;
> if you need it, please let me know
> and I will put it on an ftp server somewhere or something....
> 
> Thanks,
> 
> Paul
> 
> BTW, here is the config file (sanitized):
> 
> var HOME_NET [MY.NET.19.0/24]
> var EXTERNAL_NET !$HOME_NET
> var SMTP $HOME_NET
> var HTTP_SERVERS $HOME_NET
> var SQL_SERVERS $HOME_NET
> var DNS_SERVERS [MY.NET.128.9/32,MY.NET.128.11/32]
> preprocessor frag2
> preprocessor stream4: noalerts
> preprocessor stream4_reassemble
> preprocessor http_decode: 80 -unicode -cginull
> preprocessor rpc_decode: 111
> preprocessor bo: -nobrute
> preprocessor telnet_decode
> preprocessor portscan: $HOME_NET 10 1 portscan.log
> preprocessor portscan-ignorehosts: $DNS_SERVERS
> include classification.config
> include exploit.rules
> include scan.rules
> include finger.rules
> include ftp.rules
> include telnet.rules
> include smtp.rules
> include rpc.rules
> include rservices.rules
> include backdoor.rules
> include dos.rules
> include ddos.rules
> include dns.rules
> include netbios.rules
> include web-cgi.rules
> include web-coldfusion.rules
> include web-frontpage.rules
> include web-iis.rules
> include web-misc.rules
> include sql.rules
> include x11.rules
> include misc.rules
> include local.rules
> 
> 