[Snort-devel] Snort on Sparc Bus Error in stream4

Bill Scherr IV bschnzl at ...820...
Fri Jun 7 16:26:02 EDT 2002


folks...

   I am building a misuse IDS on a SPARC Netra T-1.  I get a Bus Error 
with Stream4 enabled!  The following is output  with detect_scans 
specified.  The current machine  has 256MB  RAM.  

# snort -T
Log directory = /var/log/snort

Initializing Network Interface eth0
using config file /etc/snort.conf
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
Stream4 config:
    Stateful inspection: ACTIVE
    Session statistics: INACTIVE
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    State alerts: INACTIVE
    Scan alerts: ACTIVE
    Log Flushed Streams: INACTIVE
Bus error

And this with no options:
# snort -T
Log directory = /var/log/snort

Initializing Network Interface eth0
using config file /etc/snort.conf
Initializing Preprocessors!
Initializing Plug-ins!
Initializating Output Plugins!
Parsing Rules file /etc/snort.conf

+++++++++++++++++++++++++++++++++++++++++++++++++++
Initializing rule chains...
No arguments to frag2 directive, setting defaults to:
    Fragment timeout: 60 seconds
    Fragment memory cap: 4194304 bytes
No arguments to stream4 directive, setting defaults to:
    Session timeout: 30 seconds
    Session memory cap: 8388608 bytes
    Stateful Inspection: ACTIVE
    Stream Reassembly: INACTIVE
    Stream Stats: INACTIVE
    State Alerts: INACTIVE
    Scan Alerts: INACTIVE
    Log Flushed Streams: INACTIVE
    Minimum TTL: 1
    MTU: 1460 bytes
Bus error

Snort appears to  start successfully without the stream4 preprocessor! 
 I am willing to try experimental code!






More information about the Snort-devel mailing list