[Snort-devel] Re: Snort 2.0 on OpenBSD 3.3 Errors Out Post-Init (bug?)

James Webb jtwebb at ...1932...
Sun Apr 20 07:45:11 EDT 2003


256MB RAM + 512MB in Swap

Prior to running Snort v2, memory totals & allocation:

Memory: Real: 8164K/40M act/tot  Free: 206M  Swap: 0K/512M used/tot

While Snort is running:

Memory: Real: 48M/80M act/tot  Free: 166M  Swap: 0K/512M used/tot

Process size shows up as 40M...
27036 snort     36    0   40M   40M run   -        0:00  2.93% snort

Thanks,
-JTW
>>> Martin Roesch <roesch at ...402...> 04/18/03 10:59AM >>>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

How much RAM do you have on this machine?

      -Marty

On Friday, April 18, 2003, at 10:50 AM, James Webb wrote:

> Snort Developers,
>
> I haven't been able to locate a mailing list posting or other info on
> the web regarding certain errors (below)..so I am submitting problem for
> evaluating as potential bug.
>
> I have posted query to misc at ...76... to see if anyone else has been
> able to use snort v2 on openbsd 3.3 without seeing these issues, and no
> response as of yet.  Please disregard and accept my apologies for the
> spam if this is known config issue.
>
> Thanks,
> -JTW
>
> Details
> ==================
> System Architecture: (x86)
> Operating System: (OpenBSD3.3 stable branch)
> Version of Snort: Version 2.0.0 (Build 72)
> Preprocessors: frag2,
>                          stream4:detect_scans, disable_evasion_alerts,
>                          stream4_reassemble
>                          http_decode: 80 unicode iis_alt_unicode double_encode iis_flip_slash full_whitespace
>                          rpc_decode: 111 32771
>                          telnet_decode
>
>
> Snort cmd-line: /usr/local/bin/snort -y -e -d -z -A full -b -u snort -g nobody  -c /home/snort/conf/snort.conf -i xl0 -l /home/snort/LOGS/$DATE -L packet.log
>
> The following rules in snort.conf generate these errors:
>
> exploit.rules    -yields-   ERROR: No memory in mwmPrephashedPatternGroups()Fatal Error, Quitting...
> scan.rules       -yields-   ERROR: No memory in mwmPrephashedPatternGroups()Fatal Error, Quitting...
> rpc.rules         -yields-   Memory Fault
> dos.rules         -yields-   ERROR: No memory in mwmPrephashedPatternGroups()Fatal Error, Quitting...
> ddos.rules       -yields-   ERROR: No memory in mwmPrephashedPatternGroups()Fatal Error, Quitting...
> web-cgi-rules   -yields-   No memory - file:fpcreate.c pmx-uricontent !
> web-iis.rules    -yields-   ERROR: No memory in mwmPrephashedPatternGroups()Fatal Error, Quitting...
> web-misc.rules  -yields- Memory Fault
>
> If these rules are commented out Snort v2.0.0 (Build 72) runs with no
> problems;
> also these rules generate no issues with Snort v1.9.1
>
>
- -- 
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Snort-based Enterprise Intrusion Detection Infrastructure
roesch at ...402... - http://www.sourcefire.com 
Snort: Open Source Network IDS - http://www.snort.org 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (Darwin)

iD8DBQE+oBLlqj0FAQQ3KOARAtTSAJ9LzQA9/AnEpgutL2BirpFtNb1IUgCfTesR
xRiZdBpMZp2gB7jx+JibOUw=
=ui7e
-----END PGP SIGNATURE-----




